March 2003

[March 26, 2003] "Topic Maps Model (TMM)." By Steven R. Newcomb, Sam Hunting, Jan Algermissen, and Patrick Durusau. Produced for ISO/IEC JTC 1/SC34 Information Technology -- Document Description and Processing Languages. March 28, 2003. Editor's Draft, Revision 2.30. Reference: ISO/IEC JTC 1/SC34 N0393. See also the previous version (1.0). "This International Standard specifies: the information structure of all topic maps; certain common properties of topics, and constraints on the values of those properties; constraints on the definitions of Topic Map Applications; the definition of the term 'fully merged' as it applies to topic maps; and other definitions and specifications that support the foregoing... Topic maps are bodies of information that consist of 'topics', each of which is a surrogate for a single subject. If every topic in a topic map is the only surrogate for its subject, then users can find all information about that subject in a single location. The Topic Maps Model -- the information structure of all topic maps that is defined by this International Standard -- constrains the definitions of Topic Maps Applications in order to enable the achievement of this 'Subject Location Uniqueness Objective [SLUO]'. It specifies a foundation for lossless and uniform treatment of heterogeneous topic map information. The Topic Maps Model meets the following requirements: (1) It enables an unbounded number of different Topic Map Applications to be created and used. (2) It enables metrics to be developed for arbitrary sets of Topic Map Applications. (3) It enables Topic Map Applications to be expressed as topic maps. (4) It enables the conformance of Topic Map Applications to this International Standard to be verified. (5) It enables rigorous specification and auditing of the process whereby an interchangeable topic map is understood as a set of subjects. It enables specification of conventions for referring to members of that set of subjects by referring to components of interchangeable topic maps. (6) It enables determination of whether two topic maps are identical. (7) It facilitates the specification and determination of subject identity by humans, as well as machines. (8) When two or more topic maps are merged automatically, the Topic Maps Model [1] enables the merging process to be consistent across Topic Map Applications and their implementations, and [2] preserves the integrity of the information contained in the merged topic maps in the resulting single topic map..." General references in "(XML) Topic Maps."

[March 31, 2003] "Living With Topic Maps and RDF. Topic Maps, RDF, DAML, OIL, OWL, TMCL." By Lars Marius Garshol (Ontopia). Technical Report which extends and improves upon the earlier paper "Topic Maps, RDF, DAML, OIL: A Comparison," presented at XML 2001. ['How to do data conversion back and forth between the two, schema conversion, the use of OWL in topic maps, and the possibility for a common query language.'] "This paper is about the relationship between the topic map and RDF standards families. It compares the two technologies and looks at ways to make it easier for users to live in a world were both technologies are used. This is done by looking at how to convert information back and forth between the two technologies, how to convert schema information, and how to do queries across both information representations. Ways to achieve all of these goals are presented... The focus of this paper is to compare the models of the two technologies, and to use this comparison to describe ways in which the two technologies can be made to work together. In other words, the goal of this paper is to make it easier for users to live with both RDF and topic maps... While the technologies are clearly similar it is equally clear that they are intended for different purposes. Topic maps were created to support high-level indexing of sets of information resources to make the information in them findable. RDF, on the other hand, was intended to support the vision of the semantic web through providing structured metadata about resources and a foundation for logical inferencing... The key lessons [from the paper] are that: (1) Merging the two technologies does not appear desirable or possible. (2) It is possible to convert data back and forth between the two representations using simple, declarative, vocabulary-specific mappings. (3) This makes it possible for RDF and topic maps to have shared vocabularies. (4) RDF constraints can be converted to topic map constraints given such a mapping. (5) Semantic annotations in OWL can be translated directly into a topic map representation of the same information. That is, the descriptive part of OWL can be used both with RDF and with topic maps. (6) It is possible to create a single query language for both RDF and topic maps. In short, it does appear that it is possible to live with both RDF and topic maps..." General references in "(XML) Topic Maps."

[March 31, 2003] "Secure Web Services." By Sang Shin. In Java World (March 18, 2003). ['The upcoming Web services security schemes should help drive Web services forward. Security is important for any kind of distributed computing environment. For Web services environments, security is becoming even more important due to Web services' unique characteristics. In this article, Sang Shin discusses these characteristics and explains why Web services need a different set of security schemes. He then examines the various Web services security schemes being designed and implemented by the industry. These new schemes are expected to accelerate the adoption of Web services, especially in the business community, where security is always a top priority'] "During the past few years, the technology industry has been working on various XML-based security schemes to provide comprehensive and unified security schemes for Web services. These schemes include: (1) XML digital signature; (2) XML Encryption; (3) XKMS - XML Key Management Specification; (4) XACML - Secure Assertion Markup Language; (6) WS-Security - Web Services Security; (7) ebXML Message Service (8) The Liberty Alliance Project. In this article, I define each of these security initiatives, why each is important, and how they all can work together... As more and more business organizations adopt Web services, ensuring secure communication between communicating partners is becoming even more important. In this article, I explained why SSL falls short when it comes to Web services and why the industry is actively defining XML-based Web services security schemes. I also discussed the importance of an identity network and how it can be implemented. Any developer interested in creating Web services should be aware of these standards..." See "Security, Privacy, and Personalization."

[March 31, 2003] "Web Services Security? Not Yet." By David Chappell. In Application Devemopment Trends (April 01, 2003). "Security is the biggest unsolved problem in Web services today. Without an effective way to authenticate clients, guarantee the integrity of transferred data and to ensure data remains confidential during transit, Web services can be applied only in limited ways. The lack of good SOAP-based security mechanisms has had two main impacts. One is that firms tend to use Web services in situations where less-secure communication is acceptable, such as integrating apps inside the firewall. The other is that various less-than-ideal workarounds have been found to make communication with SOAP more secure. SSL can be used for point-to-point connections, for example, as can IPsec or the various security techniques employed by VPNs. Still, the real solution is to define a way to provide intrinsic, end-to-end security for SOAP messages. WS-Security, a specification created mostly by IBM and Microsoft, is intended to address this problem. Rather than define a wholly new set of security mechanisms, WS-Security defines how to use existing mechanisms to provide authentication, integrity and confidentiality for SOAP messages. This makes perfect sense; there are plenty of security mechanisms in existence, so there's no need to invent new ones. WS-Security defines how to use username/ password pairs, Kerberos and public key technology to provide security services for SOAP messages. It also allows the use of other approaches... I wouldn't be surprised to see the Web Services Interoperability Organization (WS-I) define a profile for using WS-Security. Chances are, though, that the group will define profiles for both Kerberos and public key-based approaches rather than mandate one or the other..."

[March 31, 2003] "SOAP Version 1.2 Message Normalization." Edited by Martin Gudgin (Microsoft) and Marc Hadley (Sun Microsystems). W3C Note 28-March-2003. Produced by members of the the W3C XML Protocol Working Group. Version URL: http://www.w3.org/TR/2003/NOTE-soap12-n11n-20030328/. Latest version URL: http://www.w3.org/TR/soap12-n11n/. SOAP 1.2 [SOAP Version 1.2 Part 1: Messaging Framework] intermediaries have some license when reserializing messages that pass through them. Current XML canonicalizations (see XML C14N and EXCL C14N) do not take into account the transforms that a SOAP intermediary can legally apply to messages passing through it. This document defines a transformation that renders all semantically equivalent SOAP messages identically. This transformation may be used in conjunction with an XML canonicalization algorithm prior to the generation of a message digest in producing XML digital signatures that are sufficiently robust to survive passage through one or more SOAP intermediaries..."

[March 31, 2003] "Next-Gen Web Services." By Timothy Dyck. In eWEEK (March 31, 2003). "Web services technology has become the universal glue for keeping the pieces of large distributed systems together. There's been tremendous progress on this front, and two cutting-edge tools from Systinet Corp. and BEA Systems Inc. push SOAP 1.1 just about as far as it can go. Systinet's WASP (Web Applications and Services Platform) Server for Java 4.5 and the complementary WASP Developer 4.5 began shipping earlier this month, providing the most comprehensive set of tools for developing, securing and managing Web services that eWeek Labs has seen. We were impressed enough with Version 4.0 to award it our Analyst's Choice designation, and the same goes for the updated Version 4.5. Meanwhile, the BEA WebLogic Workshop 2.0 beta (available for free trial download from www.bea.com) takes Web services development -- and, in fact, Java Web application development -- in a whole new direction...While the creators of development tools and languages were the early adopters of Web services technology, data providers are riding the next big wave of Web services adoption. All the major databases already support SOAP-based queries through add-on packs; by next year, this support will be deeply integrated into products through adoption of XML-based query languages, the natural counterparts to the XML-based SOAP. The same is happening with packaged applications, which are gratefully planning the deprecation of proprietary, language-specific APIs in favor of Web services. Even with some growing pains still ahead, SOAP and XML are already the leading technologies for one-to-many data integration projects, particularly with smaller or newer companies that haven't invested in EDI (electronic data interchange) or when the scale of the integration project precludes EDI's heavy hand. The T-Mobile International AG case study outlines how the telecommunications company uses Web services to aggregate content services for its mobile phone users and to integrate related billing and localization information with content providers..."

[March 31, 2003] "Open-Source Movement Gains Ground on Microsoft." By Darryl K. Taft and Scot Petersen. In eWEEK (March 24, 2003). "A significant customer opportunity is emerging for open-source software, as more state and federal governments loosen their restrictions on implementations of such software. As the trend unfolds, Microsoft Corp. is insisting that it can coexist peacefully with the model. Last week, Texas state Sen. John Corona introduced Bill SB 1579, which would enable the state to consider open-source technology in its software procurements. Earlier this month, Oregon state Rep. Phil Barnhart presented Bill 2892, which included similar language. Open source has not been allowed in these states, as well as others, because bidders on state projects have had to be commercial entities. As a result, software from the Apache Software Foundation and other purely open-source organizations was ineligible. These pending state-level mandates join similar initiatives in the works in South America and Europe... SSI lets key customers of the Redmond, Wash., company access its source code. 'Showing source code by itself without any freedom transfer -- via the software license -- isn't the same as free software,' said Jarma Poulsen, a developer with international consulting company Atos Origin, in Eindhoven, Netherlands. As an incentive to get developers to deliver more and better-quality open-source software, Tony Stanco, founding director of the Washington-based Center for Open Source & Government, has proposed the Open Source Threshold Escrow Program. Through O-STEP, developers would release source code to open source after it earned a certain amount of revenue. Dendy Young, CEO of GTSI Inc., a Chantilly, Va., supplier of software, hardware and services to the government, said he has not felt any pressure from open source..."

[March 31, 2003] "Web Services Security and More: The Global XML Web Services Architecture (GXA)." By Joseph M. Chiusano (Booz Allen Hamilton). From Developer.com (March 2003). "For quite some time, there has been a growing need for consistent support of more secure Web services -- especially at the levels of inter-enterprise trust and business policy agreement. GXA, as an application-level protocol framework that is built on the foundation of XML and SOAP, helps satisfy this need by providing a consistent model for building infrastructure-level protocols for Web services and applications. By doing so, GXA 'fills the gap' in the current Web services stack. Because GXA is built on top of SOAP, it is also 'transport-neutral' -- that is, it does not rely on any application-level transport protocol such as HTTP or SMTP to carry out its specified functionality. GXA specifications are authored by Microsoft, IBM, Verisign, BEA Systems, RSA Security, and SAP (in various combinations, with Microsoft as an author on all specifications). One of the most valuable aspects of the GXA specifications is that they are designed to be 'protocol building blocks' that can be adopted piecemeal or en masse. The GXA specifications also leverage existing specifications such as ITU-T X.509, W3C XML Signature, and W3C XML Encryption for providing required functionality. Since the initial set of specifications in October 2001, 12 additional GXA specifications have been released -- six in December 2002, and two in March 2003. Several more also have been announced as forthcoming... This article provides highlights from the majority of those specifications that were released up to (and including) December 2002, while those released in March 2003 (WS-ReliableMessaging and WS-Addressing) will be covered in a later article. XML examples that illustrate the main concepts are provided for each covered specification. For brevity, some of these examples denote fragments rather than entire SOAP envelopes... GXA is poised to play a major role in advancing the adoption of Web services through its robust specification of mechanisms for Web services such as security, policy, coordination, federation, and routing. More specifications will be forthcoming for areas such as privacy, federation, and authorization..." See: "Web Services Security and More, Part 2: The Global XML Web Services Architecture (GXA)."

[March 31, 2003] "Metaserver 4.0 Stands Out in Crowded BPI Market. Integration Platform Boasts New Features and Enhanced Flexibility and Resiliency." By Mario Apicella. In InfoWorld (March 21, 2003). "Metaserver is a powerful platform for creating and executing new business processes by recycling existing applications and technical resources, which minimizes development and administration costs... The flexible, modular architecture of Metaserver works well with most development technologies, and makes for easy integration in most datacenters and optimal use of computer resources... Using the proper connectors, Metaserver can link applications from the most common environments, including Microsoft COM, Java and EJB, and Web services, using WSDL (Web services definition language) or XML. The process is slightly different, according to the technical requirements of each target application, but consistent overall. For example, to include an activity that validates a user ID and password in our process, we selected the New Metalink wizard and found the application container (a Java package) on our machine. The wizard listed which methods we could use to access the application, and after we selected one, proposed the input and output data to handle. In addition to reusing existing applications, Metaserver can access message queues, e-mail messages, FTP servers, and using Java or Microsoft connectivity, direct access to databases using ad hoc queries or stored procedures. Support for those critical technologies should cover most companies' integration requirement. Our testing of Metaserver 4.0 revealed many features that we liked. Its complex architecture facilitates adapting the execution engine to a variety of technical and business requirements. Metaserver can integrate easily in most technical environments and coexist smoothly with current application servers. In addition to the most common programming techniques, Metaserver offers hundreds of optional connectors to link others, including popular ERP and CRM packaged applications for capturing data from mainframe terminals. When BPI starts looming in your organization, Metaserver 4.0 is definitely worth your attention..."

[March 31, 2003] "Mission Accomplished. Review of Microsoft InfoPath 2003 Beta 2." By Jon Udell (InfoWorld Test Center). In InfoWorld (March 31, 2003). ['Pros: Intuitive, end-user-accessible tools for designing and gathering structured data; built on open XML and Web standards; automatically writes data definitions (XML Schema) and transformations (XSLT). Cons: Advanced data validation isn't expressed in XML Schema; rich-text editor not very capable; no built-in .Net programming interfaces.'] "The Web services movement envisions a world full of SOAP endpoints, but it has not yet paid enough attention to one special kind of endpoint: the human being. When SOAP packets begin to flow through e-mail and reside on file servers and intranet Web sites -- as they inevitably must -- tools such as InfoPath will prove their worth... XML documents are the currency of the emerging business Web. InfoPath empowers business users to design those documents, fill them with data, and exchange them while guaranteeing the fidelity of that data and shielding the documents from the underlying XML machinery... Saving InfoPath-generated XML in a plain text file is extremely useful. It doesn't matter whether you post or e-mail that file; either way, another user who has access to the .xsn file can view and edit the data. InfoPath's schema-, XSLT-, and script-based validation tools conspire to preserve the data's fidelity. You can also arrange to post results back to a Web service or a server that receives raw HTTP POST requests. Using the latter (and simpler) strategy, I easily arranged to route InfoPath postings to an indexed column of a Virtuoso database. InfoPath is scriptable in a browserlike way. It presents a Document Object Model which you can manipulate from JavaScript. As has been widely noted, .Net programmers will be disappointed to find no managed-code hooks. There are lots of ways to get at InfoPath's XML data, though, and it's important to note that the product does not mainly target developers. Its unique mission is to empower business users to design, gather, view, and exchange packets of XML data. It succeeds on those terms, and in so doing, defines a new and strategic category of desktop software. Built on open standards, it invites competitors to step up to the plate -- and I hope they will. What InfoPath does will come to be seen as an essential function of the decentralized business Web..."

[March 31, 2003] "InfoPath Shows XML's Promise." By Jason Brooks. In eWEEK (March 31, 2003). "'Better working through XML' is the prevailing theme for Microsoft Corp.'s forthcoming Office 2003 productivity suite, and none of its components carries this banner more prominently than InfoPath, a new application for designing and filling out XML-based forms. eWeek Labs' tests of InfoPath Beta 2 showed that, unlike its other Office siblings, this application eschews binary file formats altogether, instead storing form data in simple XML files, which derive their structure, appearance and validation from templates also written in XML. The benefit for companies is that data stored in InfoPath can be readily passed on to any back-end database or Web service that supports XML, although InfoPath makes it easiest to connect to Microsoft SQL Server or Access through ActiveX Data Objects links... For all its potential flexibility on the back end, however, this version of InfoPath suffers from significant interoperability restrictions on the client side. The full InfoPath client must be installed on a user's machine to design or fill out forms, but the only platforms on which InfoPath will run are Windows 2000 Service Pack 3 and Windows XP. InfoPath leaves users of Windows 9x, Mac OS and Linux -- as well as users of Pocket PC and Palm OS devices -- out in the cold, a limitation not shared by Web browser or Adobe Systems Inc. PDF-based forms solutions..."

[March 31, 2003] "WS-I: Guiding Interoperability." By Jeff Reser (IBM Strategic Software Solutions). In .NET Magazine (March 2003). "The Web Services Interoperability Organization (WS-I) was formed in February 2002 to address the issues surrounding the interoperable nature of a Web services-oriented architecture. WS-I isn't a standards development organization, but it works closely with a number of standards bodies, such as the Organization for the Advancement of Structured Information Standards (OASIS), World Wide Web Consortium (W3C), and Internet Engineering Task Force (IETF), to promote and utilize the right set of technologies in compatible business scenarios. The WS-I community grows as companies realize their contributions to WS-I active working groups benefit a common set of goals: to enable and promote the practical adoption of Web services technologies and open standards. WS-I concerns itself with the underlying themes of the aches and pains in implementing Web services across disciplines. Recently, WS-I published a working draft set of architectural guidelines as part of its first major deliverable: the WS-I Basic Profile. The Basic Profile consists of implementation guidelines recommending how a set of core Web services specifications (SOAP 1.1, WSDL 1.1, UDDI 2.0, XML 1.0, and XML Schema) should be used together to develop interoperable Web services. It helps to ensure standards developed by different organizations and vendors interoperate with each other, especially in the increasingly significant Web services areas. The WS-I scenarios included in the profile describe how you can apply Web services to meet real-world business needs. These scenarios provide real-world examples of how you can utilize Web services, while also demonstrating how you can use the specifications individually and/or with others. The WS-I deliverables also include sample applications that support the profiles and scenarios, and testing tools and materials. These sample applications of basic Web services illustrate best practices for implementation and are developed in multiple programming languages using multiple development tools. Sample applications serve as working examples for companies planning to implement Web services. The test materials and tools can be used to verify that the interactions observed with the monitored Web services conform to the set of guidelines and test assertions that define the profiles..." General references in "Web Services Interoperability Organization (WS-I)"

[March 28, 2003] "A Corporate-Friendly Makeover for Open-Source IM." By Christopher Saunders. In Enterprise IM (March 27, 2003). "The open-source IM movement stands to gain from a new, graphical front-end for installing and configuring the JabberD server. Released by the not-for-profit Jabber Software Foundation this week, the JabberD Quickstart executable represents a big step for the open-source JabberD server, the most widely deployed open-source IM server. JabberD relies on the XML-based Extensible Messaging and Presence Protocol (XMPP), supporters of which have been struggling to get traction in enterprises, amid heavily entrenched competition from the likes of IBM Lotus Sametime and Microsoft Exchange, a host of startups, and the public IM networks -- who are busily promoting enterprise offerings of their own. One way in that the JSF hopes to appeal to corporations is by addressing a lingering limitation in the server distribution: JabberD had previously been configured and maintained only through a command-line interface and a hand-edited XML configuration file... Already, the Linux-based offering is seeing new interest from users. Less than a month old, the release has been downloaded about 3,500 times. It's difficult to know how many installations have resulted from the downloads, the group says, because they tend to be behind the corporate firewall. (A survey conducted earlier on the group's site, Jabber.org, found that about 30 percent of users had deployed JabberD in intranet settings.) In addition to the current Linux deployment, the group is also working on versions for other platforms. Despite the benefits of a front-end and the early signs of rapid adoption, the JSF acknowledges that other work needs to be done on JabberD before its open-source IM becomes truly palatable to corporate-types -- work that includes beefing up security features, documentation, and public IM gateways. "Security is in the works through our work with the IETF," Saint-Andre said, referring to the recent creation of an XMPP Working Group within the Internet Engineering Task Force, the Internet's leading standards body. "Jabber is pretty secure already, but we're beefing that up even more. Documentation is always a sore point, since so few people in the open-source community are interested in documentation. However, we have a major translation effort underway for documentation, so we will have our docs in many major languages soon'..." See: (1) IETF Extensible Messaging and Presence Protocol Working Group ; (2) "Extensible Messaging and Presence Protocol (XMPP)"; (3) "Jabber XML Protocol."

[March 28, 2003] "XML Matters: Kicking Back with RELAX NG, Part 2. Tools and Special Issues." By David Mertz, Ph.D. (Facilitator, Gnosis Software, Inc). From IBM developerWorks, XML zone. March 26, 2003. ['RELAX NG schemas provide a more powerful, concise, and semantically straightforward means of describing classes of valid XML instances than do W3C XML Schemas. In this installment, David continues the discussion of RELAX NG begun in part 1 of this series by addressing a few additional semantic issues and looking at tools for working with RELAX NG.'] "In the last installment I gave you a fairly complete overview of both the syntax and semantics of RELAX NG schemas. However, a few issues were glossed over, and are worth looking at more closely. Both DTDs and W3C XML Schemas allow for infoset augmentation, while RELAX NG does not. James Clark, one of the creators of RELAX NG (and many other widely used XML tools), argues vehemently that infoset augmentation violates modularity in the roles of XML instance documents and schemata. In other words, for Clark, RELAX NG has a feature where DTDs and W3C Schemas have a bug. My own feelings on the matter are mixed, but I can understand his intuition... Unfortunately, XML editors do not yet support RELAX NG as widely as they do W3C XML Schemas. Of course, DTDs remain much more widely supported than either of these schema styles. This is a shame because it would actually be far easier to include customizations around RELAX NG in an editor because of the simple conceptual framework of RELAX NG validation. Ideally, a custom XML editor would utilize a RELAX NG schema to direct and assist a user in the insertion of attributes and elements in ways that maintain validity. One compromise would be to use a tool like trang to convert a RELAX NG schema into a W3C XML Schema or DTD that approximates it, then use those within a GUI XML editor. But doing so would help only to a limited extent. One XML editor is built around RELAX NG -- the Java technology-based XML Operator... I played with it a little, and found that it could be potentially useful, but it would fall on the low end of the XML editors I have previously reviewed; XML Operator implements just a few features here and there, and provides neither the huge array of tools of XML Spy, or the simple elegance of oXygen. XML Operator implements just a few features here and there, and provides neither XML Spy's huge array of tools, or oXygen's simple elegance... In part 1 and here in part 2, I have looked at most of the elements of RELAX NG, and included a summary of tools for working with it. The third and final installment will touch briefly on how RELAX NG lets you include external schemas in your schema, and selectively merge the specifications of different schemas. But part 3 will primarily look at the RELAX NG compact syntax in more detail, and explain the exact correspondences between compact syntax and XML syntax..."

[March 28, 2003] "XMPP Instant Messaging." By Peter Saint-Andre and Jeremie Miller (Jabber Software Foundation). IETF Network Working Group, Internet-Draft. Reference: 'draft-ietf-xmpp-im-06'. March 26, 2003, expires September 24, 2003. 73 pages. "The core features of the Extensible Messaging and Presence Protocol are defined in XMPP Core. These features -- specifically XML streams, stream authentication and encryption, and the <message/>, <presence/>, and <iq/> children of the stream root -- provide the building blocks for many types of near-real-time applications, which may be layered on top of the core by sending application-specific data scoped by particular XML namespaces. This document describes the extensions to and applications of XMPP Core that are used to create the basic functionality expected of an instant messaging and presence application as defined in RFC 2779..." General references in "Extensible Messaging and Presence Protocol (XMPP)." [cache]

[March 28, 2003] "Web Services Paths Remain Divided. Opposing Forces Struggle Over Standards." By Paul Krill. In InfoWorld (March 28, 2003). "Sun Microsystems entry into IBM and Microsoft's WS-I (Web services interoperability) organization was widely interpreted as a good step towards industrywide cooperation. But as a dazzling array of vendor-driven standards continues to emerge, a fresh set of machinations are proving that the battle for control of Web services standards remains alive and well between two camps: IBM and Microsoft on one side, Sun and to some extent Oracle on the other. And where enterprises are concerned, the politics threaten to limit the choice of commonly available standards they rely on to drive down the development and support costs related to the integration of disparate systems across the Internet. The areas in question range from security and transactions, via WS-Security and WS-Transactions, to business processes orchestration or choreography through both BPEL4WS (Business Process Execution Language for Web Services) and WSCI (Web Services Choreography Interface). And in another twist, questions are now starting to surface over whether patent holders are entitled to royalties for use of their technology in standards implementations. Some fear intellectual property rights issues hovering over standardization could stifle the growth of Web services itself... Part of the problem the companies face is defining when proprietary specifications become standards. According to OASIS President and CEO Patrick Gannon, there are a lot of proprietary specifications but practically no official standards for Web services. 'The only standard is XML,' he said. But he stressed their importance. 'If companies want to deploy Web services beyond a few close trading partners or internally, they can't do it without open standards,' Gannon said. SOAP, WSDL, and to a lesser extent, a directory specification now under OASIS jurisdiction, make up core so-called standards in Web services along with XML. The base SOAP and WSDL specifications provide for loosely coupled Web services, which ship data around but do not provide for more sophisticated tightly coupled services such as verification of transactions, said Eric Newcomer, vice president and chief architect at Iona in Waltham, Mass. Newcomer is also editor of the W3C WS-Architecture specification, which is intended to determine a definition and scope for Web services. Further standardization is needed in areas such as security, transactions, and business process orchestration, he said..."

[March 27, 2003] "Sun Wins WS-I Seat." By Darryl K. Taft. In eWEEK (March 27, 2003). "Sun Microsystems Inc. has won a two-year position on the Web Services Interoperability Organization (WS-I) board of directors, sources said. In winning this slot, Sun joins the leaders in Web services on the board of an organization initially formed with the apparent intent of keeping the Unix systems vendor out of its ranks. Now Sun is a member of that board, with the same rights and responsibilities as the rest of the 11 members... The other open board seat went to webMethods Inc. The company will serve a one-year term. Mark Hapner, Sun's lead architect for Java 2 Enterprise Edition (J2EE) and chief Web services strategist for Java Web services, will represent Sun on the WS-I board. Hapner told eWEEK in a prior interview that he was pleased to have the opportunity to run for the WS-I board slot and said that Sun has participated 'strongly' in the organization since it joined last October. Sun has participated in WS-I efforts involving business process integration, developing sample applications for testing interoperability, and chairing a security working group. The Santa Clara, Calif., company also has been instrumental in developing and promoting Web services standards like WS-Reliability, he said. And Sun has made conformance to the WS-I Basic Profile 1.0 a requirement of J2EE 1.4 compliance, he added... Sun's work with the Java Community Process, which is the multi-vendor coalition that votes on Java platform specifications, gave the company an advantage over competitors for the slot as well, Hapner said. 'We found in our work in the Java compatibility arena that it takes significant investment and dogged persistence to achieve interoperability,' he said. 'The payback is customers feel secure in broadly pursuing interoperability.' Indeed, Sun's Java expertise itself was a distinguishing factor that set Sun apart from others in the running, the company said. 'We are the representative for Java and J2EE, which will be one of the two primary platforms on which people will develop Web services,' Hapner said. Hapner said Sun's history is that of a leader in the Web services space. The company has had strong participation in the evolution of Simple Object Access Protocol 1.2 and Web Services Description Language 1.2, as well as other specifications and foundational Web technologies, he said..." "Web Services Interoperability Organization (WS-I)."

[March 25, 2003] "VXML and VoIP Boost Customer Satisfaction. Quickly ID Your Callers Via These Two Technologies." By Veronika Megler (Certified Consulting IT Architect, Emerging and Competitive Markets, IBM). From IBM developerWorks, Wireless. March 2003. ['In this article on how to improve your customers' experience with your automated telephone-response system, Veronika Megler demonstrates how to combine VXML and VoIP with the information inherent in a telephone call to identify both the caller and the number being called. Use this lesson to improve telephone system efficiencies and bring back customers.'] "As both a consumer and a technologist, I am continually annoyed by the poor usability of many automated telephone-response systems -- especially because I know how little effort it would take to improve them. In Talk to my VoIP, I described an application that uses a Voice-over IP (VoIP) connection to access VoiceXML- (VXML) fronted back-end applications. I also showed how these technologies can provide flexible access to application information and deliver better telephone-based assistance to the average service-center caller. By using what you already know about your caller the moment you answer the call, you can expand these concepts to take personalization and usability to the next level... by accessing the target number, you can provide different voices for different choices. You can use these basic principles and existing technology to build increasingly usable voice-driven applications..." "VoiceXML Forum."

[March 25, 2003] "Squeezing SOAP. GZIP Enabling Apache Axis." By Brian D. Goodman (IT Architect, IBM Intranet Technology, IBM). From IBM developerWorks, Web services. March 2003. ['GZIP encoding over HTTP is pretty much old school. "Been there, done that" is the attitude of most. However, if you have been working with a few of the current SOAP implementations, you'll find that they don't take advantage of it. While knowing they will eventually come around, if you are building real world Web service solutions and want a performance boost, GZIP is for you.'] "GZIP encoding over an HTTP transport is a well known technique for improving the performance of Web applications. High traffic Web sites use GZIP to make their user's experience faster, and compression is widely used to make files smaller for download and exchange. In fact, as far as XML goes, GZIP is not even the latest, cool thing to be doing. New technology, like AT&T's XMill, claims twice the compression of GZIP in roughly the same amount of time. GZIP, however, is a core component of the Java platform and many Web servers have the ability to compress content independent of the files or applications it serves up. For that reason, this article will look at what it takes to use GZIP in conjunction with the Axis SOAP implementation. This has proven useful for projects and solutions that need the extra performance now and for which you are willing to sacrifice time spent integrating with follow on releases of SOAP implementations later. Furthermore, this article looks at encoding at the servlet level, which will enable you to implement a different content encoding scheme... GZIP encoding over HTTP is part of Web technologies as we know it. Using it in the existing Web service framework is a logical next step. However, solutions are being designed, built, and deployed every day on these SOAP implementations. In many instances, being able to GZIP encode the SOAP envelope results in faster transaction times with a relatively low overhead. This performance upgrade can be realized today with some simple code modifications. Enabling GZIP encoding in your SOAP environment lets you take advantage of compression today, while patiently waiting for the integration into our favorite implementations..." Related references in: (1) "XML and Compression"; (2) "Simple Object Access Protocol (SOAP)."

[March 25, 2003] "W3C Boosts XML Document Referencing. Specific Information Citable." By Paul Krill. In InfoWorld (March 25, 2003). "W3C [has] issued its XML Pointer Language (XPointer) Recommendation, providing a lightweight, extensible model for identifying parts of XML documents. The recommendation step is the final, formal adoption stage at W3C. 'What XPointer allows is for people to be able to point to different parts of an XML document,' said W3C spokeswoman Janet Daly. 'You might want to be able to identify a section or fragment in a large document and you want to be able to link to it.' Prior to XPointer, the only way to link to XML documents was to point to the whole document or utilize an identifier of a document part specifically inserted by the document author, Daly said. Now, links can be made to just the specific parts of a document. XPointer already has been implemented in some products, according to Daly... The XPointer element Scheme allows the user to point to specific elements in XML documents and data. The XPointerXMLns Scheme brings XML Namespaces to the XPointer Framework, to avoid name collisions between schemes and provide namespaces binding information for use within other schemes, according to W3C. This supports development of personal identifying vocabularies and distinguishing between them..." See: (1) "World Wide Web Consortium Issues XPointer Recommendation. XPointer Gives Extensible Model for Identifying XML Fragments, Improving Precision of Linking."; (2) other references in "W3C Publishes Recommendations for the XML Pointer Language (XPointer)."

[March 25, 2003] "Composite Capability/Preference Profiles (CC/PP): Structure and Vocabularies." Edited by Graham Klyne (Nine by Nine), Franklin Reynolds (Nokia Research Center) Chris Woodrow (Information Architects), Hidetaka Ohto (W3C/Panasonic), Johan Hjelm (Ericsson), Mark H. Butler (Hewlett-Packard), and Luu Tran (Sun Microsystems). Produced by the W3C CC/PP Working Group as part of the W3C Device Independence Activity. W3C [Last Call] Working Draft 25-March-2003. "This document describes CC/PP (Composite Capabilities/Preference Profiles) structure and vocabularies. A CC/PP profile is a description of device capabilities and user preferences that can be used to guide the adaptation of content presented to that device. The Resource Description Framework (RDF) is used to create profiles that describe user agent and proxy capabilities and preferences. The structure of a profile is discussed. Topics include: (1) structure of client capability and preference descriptions; (2) use of RDF classes to distinguish different elements of a profile, so that a schema-aware RDF processor can handle CC/PP profiles embedded in other XML document types. CC/PP vocabulary is identifiers (URIs) used to refer to specific capabilities and preferences, and covers: (a) the types of values to which CC/PP attributes may refer, (b) an appendix describing how to introduce new vocabularies, (c) an appendix giving an example small client vocabulary covering print and display capabilities, and (d) an appendix providing a survey of existing work from which new vocabularies may be derived..."

[March 25, 2003] "Microsoft Office Word 2003 Beta 2 Preview. Part 1 of 2." By Siew Moi Khor (Microsoft Corporation). In Microsoft MSDN Library. March 2003. "The latest version of Word, Word 2003, has many new and exciting features and improvements. In this article, you will be given the following high-level preview of the latest features of Word 2003 Beta 2: Extensible Markup Language (XML) support; Smart Document solutions; Research library... XML removes the obstacles that stemmed from data being locked in binary files, and enables semantic structure around content, which makes data retrieval quite easy. XML support in Word 2003 is one of the most exciting breakthroughs for Microsoft Office 2003. Through the use of XML, Word content becomes free-flowing, unlocked data, which can be modified. The sharing of information between documents, databases, and other applications also simplified with XML... Word 2003 is an XML solution development platform allowing developers to build powerful structured Word documents and templates that leverage XML to capture information from end users' input. End users can continue to enjoy all the rich editing features that they expect, like auto correct, spell check, grammar check, change-tracking, and more. In short, users can continue using Word the way they always have. They do not need to know anything about XML to take advantage of its capabilities in Word 2003. There is a rich Visual Basic for Applications (VBA) object model support for the XML functionality of Word 2003. There are also new object model events that allow developers to customize the Word 2003 editing environment. For example, you can hide XML from end users while taking full advantage of the power of XML in Word. Additionally, a Word XML Content Development Kit (CDK) is available to Office 2003 Beta 2 program participants to help developers quickly get up to speed on how to build XML solutions using Word 2003 as a development platform. Word 2003 has a native XML file format called WordML that can be fully round-tripped without losing Word formatting. As a result, developers can easily detach presentation information from data. WordML can be transformed to separate the pure XML data from formatting as required, which also allows developers to reveal Word-specific content... Smart Document technology in Word 2003 and Microsoft Office Excel 2003 enables the creation of XML-based applications that provide users with contextual content via the Office task pane. With Smart Documents, users can increase productivity because content is presented in the task pane as they navigate through a document, reducing the time spent searching for or filling in data, or looking for help. Users benefit from a Smart Document's ability to deliver relevant information and actions through the use of an intuitive task pane that synchronizes content based on the user's current location within the document... The new Research Library feature in Office 2003 makes searching for relevant information and integrating that data into Office documents easier..." See "Microsoft Office 11 and InfoPath [XDocs]."

[March 25, 2003] "Product Review: Microsoft Office 2003 Beta 2." By Gregg Keizer. In ZDNet (March 24, 2003). "Perhaps to assuage the clamoring public or to work out some development kinks, Microsoft has released a public beta of its popular office suite. Our initial assessment? As in Office XP, the suite's most prominent changes target the professional market. True, Microsoft has enhanced some of Office 2003's applications, adding small improvements such as Outlook's better e-mail handling and spam filtering. But most Office enhancements benefit large-scale setups. Corporate intranets will get a lot out of the suite's new XML integration, which facilitates moving information from one program to another, and its beefed-up collaboration features. Corporate buyers may want to give this beta a run. But, if nothing much changes with the final release, consumers won't find much reason to upgrade... Office Pro 2003 doesn't debut any new fix-it features but retains the help menu's Check For Updates and Detect And Repair functions, which go online and sniff for updates or patches and repair any damaged or corrupted files. We'd like to see Office become part of the Windows Update process, which automatically scans your PC and recommends updates, so that we wouldn't have to go two places -- one to patch Windows, another to fix Office. Alas, that won't happen in this edition..."

[March 25, 2003] "Sun Attacks Microsoft XML Strategy Shift." By David Worthington. From BetaNews (March 24, 2003). "Sun Microsystems fired its first salvo at Microsoft's upcoming Office 2003 by calling into question the aim of Redmond's overall XML strategy, and touting StarOffice 6.1 as a low cost alternative for cost conscious enterprises. During a telephone interview, Sun's Iyer Venkatefen, product manager for StarOffice, told BetaNews that Microsoft was not abiding by the OASIS standards. With more than 600 members in 100 countries, OASIS, or Organization for the Advancement of Structured Information Standards, is a global consortium that establishes standards to ensure interoperability. While Microsoft embraced openness and follows base-level XML standards, it is taking a different approach towards defining office formats by letting developers decide what schema, or data structure, suits them best. For instance, a document type dubbed XBRL is intended for use in business reporting and would be an industry wide standard written with XSD. XSD, often referred to as a schema, is an XML-based W3C standard language for describing the rules that the structure and the contents of a particular type of XML document are required to follow. Competitors such as Sun and Corel are working with an OASIS technical committee to arrive at a common consensus for these office document schemas. Microsoft is accepting any schema so long as it is XSD compliant, allowing customers to tailor their own... Company spokesperson Jason Carson told BetaNews that customers have the freedom to use any W3C compliant schema that is XSD based. The general idea was simply not to stick with OASIS. Office 2003 will instead support a slew of standardized and proprietary schemas. Carson claimed that Sun was trying to standardize under a single schema, and went on to say that XML implementation in Office was never meant to create a standard format, but a method to freely share information regardless of the platform. Indeed, XML is not the default data format for Office 2003 applications, just an option. Adding fuel to the fire, Microsoft recently quit the W3C Web services standards body, which has prompted some naysayers to call into questions its commitment to standardization. Microsoft refutes such claims and says its XML technologies are fully compliant..." Related references in: (1) "XML File Formats for Office Documents"; (2) "XML Schemas"; (3) "Microsoft Office 11 and InfoPath [XDocs]."

[March 25, 2003] "Proposed Infoset Addendum to SOAP Messages with Attachments." By Adam Bosworth (BEA), Don Box (Microsoft), Martin Gudgin (Microsoft), Mark Jones (AT&T), Franz-Josef Fritz (SAP), Amy Lewis (Tibco), Jean-Jacques Moreau (Canon), Mark Nottingham (BEA), David Orchard (BEA), Hervé Ruellan (Canon Jeffrey Schlimmer (Microsoft), Volker Wiechers (SAP). Copyright BEA Systems Inc. and Microsoft Corporation. 24-March-2003. Version 0.6 Draft. 22 pages. Abstract: "This specification defines a small number of XML and SOAP conventions that clarify an earlier proposal and collectively allow opaque data and web references to be used in an Infoset-based messaging model." From the Introduction: "The desire to integrate XML with pre-existing data formats has been a longstanding and persistent issue for the XML community. Users often want to leverage the structured, extensible markup conventions of XML without abandoning existing data formats that do not readily adhere to XML 1.0 syntax. Often, users want to leave their existing non-XML formats as is, to be treated as opaque sequences of octets by XML tools and infrastructure. Such an approach would allow widely used formats such as JPEG and WAV to peacefully coexist with XML. As XML is increasingly used as a message format (e.g., SOAP), the interest in integrating opaque data with XML has increased to the point where there are at least two concrete proposals for doing so: SOAP Messages with Attachments 1.0 and WS-Attachments. The former has gained some traction within the community but is under specified with respect to the XML Infoset [Infoset] and with respect to the processing model of SOAP... This document proposes a set of concrete idioms and conventions that clarify the processing model of SOAP Messages with Attachments, yielding the following enhancements: (1) Alignment with the XML Infoset-based data model and the SOAP processing model -- opaque data may be correctly processed by intermediaries and may be secured (2) Backwards-compatible message syntax -- every message conforming to this proposal is a legal SwA/1.0 message (3) Alternate message syntax for SOAP processors that have no knowledge of SwA or this proposal -- message content can be faithfully serialized in a form that is understandable by SOAP processors that do not comply with this specification..." Note of 2003-03-25 from Martin Gudgin (Microsoft): "We have now posted the document illustrating an infoset approach to the attachment feature... This document is intended to be a concrete realisation of the ideas laid out in the white paper "XML, SOAP and Binary Data"; see abstract. Also available in PDF format. [cache]

[March 25, 2003] "Achieving Application Coordination With Business Transaction Management Software." Choreology White Paper. 7 pages. "... The main purpose of an application coordination product is to ease, cheapen and standardize the elimination of inconsistencies in information held in different systems. We have identified four key patterns or models where application coordination is applicable. A solution that provides application coordination can be used in any industry, but for the sake of illustrating the potential in a complex environment, the examples of the following models focus on the financial services industry (1) Coordinated dispersal of information: Under this model, business information is propagated or dispersed on an 'all, some, or nothing' basis. The dispersing system knows the exact outcome of processing by each recipient and business rules determine viable outcomes, enabling partially correct results. (2) Creating synchronization barriers: In this model, complex, coordinated action is contingent on the result of a prior coordinated action. Following the same example in the previous model, an organization ideally won't propagate trade data throughout the front office and settlement systems until all of the reference data has been coordinated and checked throughout the system. (3) Coordinated aggregation: This is can also be thought of as the escrow model and appears frequently in credit check or payment-againstdelivery processes. It involves obtaining information or commitments that build up to a coherent outcome. The receiving system and sending service both know information has been delivered, and the receiving system uses business rules to determine viable aggregations. (4) Coordinated creation of binding contracts: This pattern is used for negotiation leading to a deal being struck. Other uses include the sending and acceptance of confirmations. Many trading protocols and information exchanges follow this fundamental pattern. Acceptance of an offer creates a binding commitment -- the parties are bound to deal and acknowledge involvement. Rejection induces counterproposal or re-proposal. Any outcome is common knowledge, and is mutually assured by comparable records..." [cache]

[March 25, 2003] "W3C Spec Labels XML Parts." By Paul Festa. In CNET News.com (March 25, 2003). "A method of labeling discrete parts of an XML document concluded its tortuous journey toward standardization with the World Wide Web Consortium's approval of XPointer. The World Wide Web Consortium (W3C) on Tuesday issued XPointer in three installments: XPointer Framework, XPointer element Scheme, and XPointer xmlns Scheme. Extensible Markup Language (XML) is a W3C recommendation that lets authors create their own task- or industry-specific markup language for more flexible and searchable digital documents. While XML has long had a linking mechanism built in, the trio of XPointer recommendations provides a way for anyone to segment an XML document and label and link to it. The Framework gives authors a model for identifying parts of an XML document. The element recommendation lets authors 'point' to those specific parts, and the xmlns, or namespace, recommendation establishes a means of delineating which tags belong to which XPointer schemes so that browsers can distinguish between same-named tags from different schemes..." See: (1) "World Wide Web Consortium Issues XPointer Recommendation. XPointer Gives Extensible Model for Identifying XML Fragments, Improving Precision of Linking."; (2) other references in "W3C Publishes Recommendations for the XML Pointer Language (XPointer)."

[March 25, 2003] "RSS 0.91, 0.92 and 2.0 Really Simple Syndication." By Ben Hammersley. Chapter 4 in Content Syndication with RSS: Sharing Headlines and Information Using XML. March 2003. 19 pages. Book description: "RSS (which can stand for RDF Site Summary, Rich Site Summary, or Really Simple Syndication) is an XML-based format that allows web developers to describe and syndicate web site content. Content Syndication with RSS offers webloggers, developers, and the programmers who support them a thorough explanation of syndication in general and RSS in particular. Written for web developers who want to offer XML-based feeds of their content, as well as developers who want to use the content that other people are syndicating, the book explores and explains metadata interpretation, different forms of content syndication, and the increasing use of web services in this field. If you're interested in producing your own RSS feed, this step-by-step guide to implementation is the book you'll want in hand..." See "RDF Site Summary (RSS)."

[March 25, 2003] "Leverage XSLT to Build Applications. Moving Beyond Format Transformations to Multi-Tiered Solutions." By Chen Shu, Nianjun Zhou, and Dikran S Meliksetian (IBM). From IBM developerWorks, XML zone. March 25, 2003. ['This article describes a methodology for building an XML-based, end-to-end, multi-tiered solution by leveraging XSLT technology. The authors introduce this methodology through an example application in which XSLT is not only used in the transformation at the presentation layer, but also in retrieving data from heterogeneous data repositories and generating data-centric XML documents at the back-end. This application also provides data computation, such as statistical analysis in the middle tier.'] "XSLT can be used to perform additional tasks within an application that uses XML as its main data representation model... In this article, we demonstrate how to build an application where XSLT is used beyond its traditional role of format transformation. Within the example application, we leverage XSLT to accomplish the following tasks: (1) Transform the repository data from a relational representation to XML; (2) Perform statistical analysis of the data represented as an XML document; (3) Generate an XML document based on a particular business logic; (4) Render the XML as HTML, WML, and VXML. This application demonstrates that you can easily create search applications using legacy information and serve the results in multiple output formats by adding the proper XSL transformtion scripts. The methodology can be used in a variety of applications that need simple data analysis and data format transformation. This article is organized as follows... we briefly introduce the example application and the requirements upon which we built it; we describe the architecture of our solution, followed by a detailed description of the XML transformations required within the application. Finally, we conclude by stressing the versatility of the solution with respect to changes in requirements, as well as input and output data formats... The example application is a search framework that attempts to minimize the sequence of questions and answers required to find a searched object. The system is called Guided Adaptive Search Framework (GASF)... The methodology demonstrated by GASF can be used in a variety of applications -- such as Web content management systems, knowledge management systems, and business-to-business transactions -- where you have the need to compose an XML object from various data sources, and then process and render it on the fly. We believe that as XSLT technology matures, this can be performed more efficiently and extensively. The primary advantage of leveraging XSLT to enable applications is its flexibility and low cost of development. For applications that do not need to support high volume transactions, XSL transformation can provide a quick, easy, and cost-saving solution..."

[March 25, 2003] "XML Gathers Momentum. New Standard Makes The Language Useful, Helps Simplify Access-Control Policies." By Michael Hardy. In Federal Computer Week (March 24, 2003). "Extensible Markup Language has become a pervasive force in applications in which computers share data or interact. To make the language even more useful, standards bodies are churning out specialized versions of XML at a rapid pace. For example, in February, the Organization for the Advancement of Structured Information Standards (OASIS) released Extensible Access Control Markup Language (XACML), which allows organizations to build their rules for access to systems or information into the open standard. That way, XACML can eliminate the need for multiple access-control policy languages, which many organizations now rely on... Open standards ease the headaches involved in integrating systems, such as making disparate applications adhere to an agency's access rules, said Steve Hanna, senior staff engineer at Sun Microsystems Inc. and a member of the OASIS committee that developed XACML. Sun issued its XACML Implementation Feb. 18, with code based on the company's Java programming language. 'We looked at what's out there today, and it's a mess,' he said. 'Every application has its own policy language, its own policy syntax. If somebody comes to you and says, 'Here's the high-level policy we want to implement,' you have to translate it over and over again, once for each system.' Even in the absence of a standard, though, XML is much more flexible than a proprietary system, according to Bill Wright, president of Computas NA Inc. The company's Metis product is designed to help administrators construct an enterprise architecture by converting data into XML form. Because no standard exists for enterprise architectures, Computas created its own. When a standard does emerge, he said, XML will make the transition easy. Vendors, by and large, support open standards because they level the playing field, said Bill Edwards, chief technology officer at Siebel Systems Inc. Buyers are wary of getting locked into one vendor's product line and are more comfortable when the connection points that support multiple applications are based on something every vendor can use, he said. In 2002, Siebel, Tibco Software Inc., Vitria Technology Inc., webMethods Inc., Microsoft Corp., IBM and SeeBeyond Technology Corp. formed the Universal Application Network to develop XML-based business processes for their customers..." See also "Extensible Access Control Markup Language (XACML)."

[March 25, 2003] "Physics Institute Turns To Web Services." By Tony Kontzer. In InformationWeek (March 24, 2003). ['The American Institute of Physics turns to eMeta's software to take a new approach to delivering its journals.'] "The American Institute of Physics was one of the first online publishers of academic journals, having launched its Online Journal Publishing System in 1994. With some 110 journals in its repertoire today, the institute has been using eMeta Corp.'s eRights access-control technology for more than two years to make sure that the scientists and researchers who come to the site only get access to what they're entitled to. That means everything from free browsing to the purchase of individual articles to full-blown subscriptions. Now the institute wants to start experimenting with developing a Web-services approach to delivering its virtual journals, what it calls the documents it publishes directly to its users between the production of complete journals. With the release Monday of a new suite of applications, eMeta will open that door with the introduction of RightServices, a software module that will let customers set up Web services that can tap access-control rules built with the former eRights engine, now called RightAccess... EMeta opted to divide its flagship eRights application into two modules -- RightAccess and RightCommerce -- because customers had been confused by commerce-related fields that were part of the access-rights setup. 'We're seeing people who really want to secure -- but may not want to monetize -- their content,' says CEO Jonathan Lewin. With the new RightServices app added to the suite, Lewin says customers will be able to purchase a more precise fit to meet their needs. He says one-fourth of the company's customers have requested Web services APIs so they can build Web services to deliver content and applications online..." See: (1) AIP website; (2) Online Journal Publishing Service (OJPS), using SGML: "AIP uses a customized version of the ISO standard 12083 DTD to create, store and disseminate e-journal content. The 12083 DTD, or Document Type Definition, is widely utilized by scientific and technical publishers to define content elements and validation rules for describing and processing technical manuscripts. AIP can accept virtually any type of source file and convert it to 12083 compliant SGML..."

[March 24, 2003] "CERT, Feds Consider New Reporting Process." By Dennis Fisher. In eWEEK (March 24, 2003). "Government officials and private organizations alike are reviewing their vulnerability disclosure processes after several incidents over the past 10 days exposed major shortcomings in the way new bugs are handled. The most dramatic case for change came early last week when an anonymous member of a security mailing list posted three unpublished vulnerability advisories. None of the advisories had been released by the authors -- or by a third party such as the CERT Coordination Center -- who typically handle such announcements. The posts were taken from advance copies of the advisories that CERT had shared with a select group of software vendors, something that has angered CERT officials... CERT is now considering whether changes can be made to its process for handling vulnerabilities. The federal government, meanwhile, is discussing ways to centralize vulnerability reporting... The government is considering a plan to establish a single point of contact for vulnerability reporting; researchers would submit discoveries to the contact. The government would then work with the researcher and the affected vendors to coordinate release of the information. The hope is to avoid leaks and to speed vendor response to security problems. However, the Information Assurance and Infrastructure Protection division of the Department of Homeland Security is still without a leader, clogging any major initiatives, insiders said. While the Bush administration has found it difficult to fill the top information security job, sources say Bob Liscouski, director of information integrity and assurance at The Coca-Cola Co., in Atlanta, is slated to take the job of assistant undersecretary for IAIP... The trouble began when a member of the Full-Disclosure mailing list posted three vulnerability reports. Only one of the problems had been disclosed previously, and patches were not yet available. All the advisories detailed the vulnerabilities and affected products. All the vulnerability reports were serious. The first, posted March 15 [2003], warned of a cryptographic weakness in the popular Kerberos protocol. The second message discussed a timing attack on cryptographic keys. The third, posted March 16, concerned a problem in a code library contained in Unix-based software from Sun Microsystems Inc. and other vendors. The Kerberos bulletin was officially released March 17; the details of the timing attack were published on another Web site the previous Friday..."

[March 24, 2003] "Environment, Behavior, and Scripting. Developers are Better When 'Multilingual'." By Jon Udell. In InfoWorld (March 21, 2003). "... We cling to the notion that developers need to master only one programming language, but this notion has never been true. The short list, nowadays, might be Java or C#, SQL, JavaScript, Perl or Python, XSLT (Extensible Stylesheet Language Transformation), and maybe a Unix shell language. These languages differ along two axes: environment and behavior. JavaScript, for example, is a powerful and dynamic scripting language that can in principle be used in almost any environment but in practice is most often wielded from within the browser, with which it has a special relationship. Perl, Python, and Ruby provide their own environments in the form of libraries (such as Perl's Comprehensive Perl Archive Network, or CPAN) that mix scripted and compiled modules. Java's environment is defined by its class libraries, as is that of C#... The Java and .Net libraries are becoming standard infrastructures that should be reused, not recreated. Scripting languages can, and indeed must, push forward with innovation. Features such as Python's list comprehensions and Ruby's iterators are powerful constructs that can rewrite the productivity equation. Scripting languages are also wonderful proving grounds for idioms that might get baked into the next generation of common infrastructure -- for example, Ruby's tuplespace, which is a kind of associative memory. If new languages didn't have to recreate the standard environment, such innovations might happen more often, and might be easier to adopt..."

[March 24, 2003] "KyTek Beefs Up XML Support. New Version of XMLxt Makes it Easier to Mate XPress and XML. [Print Workflow.]" By George Alexander. In The Seybold Report Volume 2, Number 23 (March 24, 2003). ISSN: 1533-9211. "KyTek specializes in long-document XTensions for Quark XPress. In recent years, the company has been moving increasingly into SGML and XML support. The company has just released version 4.0 of its XMLxt, an XTension for composing Quark documents from XML files. The XTension utilizes Quark's 'hidden text' feature to preserve the XML tagging within the XPress document, which makes it possible to make changes to the document content in XPress and then save it as XML with the changes intact. The new release provides better editing of the XML tags (when they are displayed) and better protection from inadvertent editing (when they are hidden). The options for XML export have also been improved. More specifically, the improvements are: (1) Simplified tagging: it is now practical to do a limited amount of tagging within Quark XPress. (2) Checking for well-formed tags: XMLxt can check for proper nesting of tags in the whole document, a chain of text boxes or a selected range of text. (3) Protection against inadvertent tag deletion. (4) Improved export options... To get an XML file to be formatted correctly in XPress, the user needs a way to specify what XPress commands and style codes are to be generated for each XML tag. For now, there is a KyTek utility to do this. But KyTek is working on an approach that will depend only on XSLT and Perl scripts, so that the utility will no longer be required. XMLxt, version 4.0, is available now and costs $400..."

[March 24, 2003] "A Personal Version of XML, Courtesy of Netomat." By Erin Joyce. In InternetNews.com (March 24, 2003). "As the adoption of Extensible Markup Language (XML) spreads to corporate networks, helping computers speak to each other more efficiently over the Web, what about XML for humans? [...] Netomat, a start-up company about to make its public debut at PC Forum starting March 23, 2003 -- Esther Dyson's annual confab of technology visionaries -- may have that answer... the company, launched by a mix of artists, philosophers and early players in the growth of XML, could be on the verge of becoming -- dare we say it -- the 'next big thing.' If only because it's a creation that is not easily summed up. 'It's probably best described as a service,' says Alan Gershenfeld, a founder and co-CEO of Netomat, which was founded in 2001. 'We make it easy to combine multimedia formats: text, images, voice sound, free form drawing, unlimited personal rich media,' said Gershenfeld, a former executive of entertainment software company Activision. And it's XML and Java based, which makes the multi-media authoring tool compatible with both PCs and Macs, with various browsers and various e-mail clients. For a monthly subsciption fee, the Netomat user, consumer or corporate, gets a hosted authoring and messaging application, 30 megabytes of space on Netomat's servers, and the use of the company's communication infrastructure. It lets you manipulate text, images, video, audio -- any digital media -- and with the push of a button you can send the whole creation off in an e-mail, or in today's publishing parlance, update your blog...' ... the XML and Java-based platform consists of a fully integrated family of authoring, server and player technologies designed to work seamlessly with existing formats and protocols. The core innovation underlying the platform is a new XML-based language called netomatic mark-up language (NML). They like to think of it as XML for people to people communications. The company also plans to make its NML source code available to the open source community. 'We believe in open standards, open formats, open protocols. And we want NML to be open. It's part of the philosophy of the company'..."

[March 24, 2003] "The First Taste of Liberty. Sign On Once, Log In Everywhere." By Frank Sommers. In Java World (March 21, 2003). "Prompting a user to separately log into closely affiliated Websites creates an awkward user experience. Web services that rely on one another may not even permit separate logins since they must operate without human intervention. The Liberty Alliance Project specifications provide a single sign-on mechanism for both Websites and Web services. This article explores how Liberty helps federate a user's identities from different service providers and uses that federated network identity to authenticate a user to many Web-accessible services. The article concludes with an example of how two Websites can use single sign-on... Being able to sign on once and log in everywhere may appear to your Website's or Web service's users as magic. But, as this example shows, there is no magic to single sign-on. It's a matter of following the Liberty protocols' message exchanges and trusting authentication decisions issued by an identity provider. The more Websites you must interact with that support Liberty, the more common the single sign-on experience becomes. Currently, only Sun Microsystems' Sun ONE (Open Network Environment) product line supports the Liberty protocols, but Liberty is fast gaining industry support, and dozens of companies have announced plans to Liberty-enable their products and e-commerce Websites. The forthcoming Liberty 2.0 specifications will address issues beyond single sign-on and identity federations -- for instance, they may let you share a user's preferences and other user-specific data as well. While eliminating duplicate login and data entry forms are sure to please your Website's or service's users, introducing Liberty into your Website or Web service architecture can cut down on what surely must be the biggest annoyance in a development project: duplicating functionality. That's because Liberty can help you factor out authentication roles, on the one hand, and services that are consumers of authentication-produced information, on the other. That way you could maintain just one service (or servlet) acting as an identity provider, and your other services can rely on that identity provider's authentication assertions. Instead of developing some application-specific way to exchange security assertion information, Liberty allows you to depend on SAML data structures. As you add services to your infrastructure, those new services can leverage what's already available..." Related resources: (1) "Security Assertion Markup Language (SAML)"; (2) "Liberty Alliance Specifications for Federated Network Identification and Authorization."

[March 24, 2003] "Web Services Reliable Messaging Protocol." By Peter Abrahams. In IT-Director.com (March 24, 2003). "In January a draft Web Services Reliability specification was announced and I wrote expressing some concerns about the specification. My first concern was the noticeably absence of IBM, Microsoft and BEA from the sponsor list. On March 13 it became clear why, when they, along with Tibco, announced their own 'Web Services Reliable Messaging Protocol' specification in this space... The two specifications address the same issue of how to ensure delivery of messages from one web service to another, including the different levels of service ranging from 'at most once' to 'exactly once and in order'. However in their detail of how to do this, the terminology used and the schemas, required they are totally incompatible. Given that many of the other WS specifications have been created by people from both camps, and therefore the parallel development must have been apparent, it is difficult to understand why both specifications have got as far as publication. On initial viewing the 'Web Services Reliable Messaging Protocol' appears more coherent and complete than the previous specification, and its title more accurately describes the specification scope. My next concern was that there was no introduction of the problem space and the solution. In the new specification this has been answered by IBM and Microsoft jointly creating an introductory white paper called 'Reliable Message Delivery in a Web Services World: A Proposed Architecture and Roadmap' which helps to define the need for the specification and outlines how it relates to a set of other web services specifications including addressing, policy, security, trust, encryption, coordination and transactions, and points to the need to develop further specifications relating to metadata exchange, endpoint resolution and transmission control..." General references: "Reliable Messaging."

[March 24, 2003] "Taming Web Services. Emerging Technologies May Bring Order to XML-Based Integration." By John Moore. In Federal Computer Week (March 21, 2003). "In recent months, Web services have begun to sprout in the federal sector. Examples can be found at the Defense Information Systems Agency, the Environmental Protection Agency and the U.S. Postal Service, among other government entities. And Web services may grow in popularity, especially since the Office of Management and Budget is encouraging agencies to use XML when developing their e-government projects. So far, so good. But something is missing from the Web services mix: structure. Yes, standards are in place, but developers may interpret them in different ways. The task of orchestrating multiple Web services is another difficulty. Web services management, in general, is a topic industry leaders have only recently begun to address. This state of affairs is fine for the current crop of relatively simple Web services, but problems arise when organizations pursue more sophisticated deployments. 'I think that Web services are ready for certain applications in the federal government,' said Brand Niemann, a computer scientist at the EPA and head of the CIO Council's XML Web Services Working Group. But he said it's a different story when it comes to applications that require high levels of security or are transaction- oriented. 'Agencies are not ready culturally, nor are we ready technically, to do all that,' he said..." "US Federal CIO Council XML Working Group."

[March 24, 2003] "What's in a Topic Map?" By Michael Classen. From WebReference.com (March 24, 2003). "In our last extension of the XMLMap we closed with a discussion of ontologies and topic maps, both concepts for expressing semantics of resources. I received many questions on the rather abstract nature of these concepts, as well as their practical applications and implications. This installment tries to explain topic maps with examples taken from our daily lives... Topics maps revolve around three basic concepts: Topics, Associations, and Occurrences... Up until now there has been no equivalent of the traditional back-of-book index in the world of electronic information. People have marked up keywords in their word processing documents and used these to generate indexes 'automatically', but the resulting indexes have remained as single documents. The World Wide Web removes the distinction between individual documents and now, indexes have to span multiple documents. Indexes have to cover vast pools of information, calling for the ability to merge indexes and to create user-defined views of information. In this situation, old-fashioned indexing techniques are clearly inadequate. The problem has been recognized for several decades in the realm of document processing, but the methodology used to address it - full text indexing - has only solved part of the problem, as anyone who has used search engines on the Internet knows only too well. Mechanical indexing cannot cope with the fact that the same subject may be referred to by multiple names ('synonyms'), nor that the same name may refer to multiple subjects ('homonyms'). Yet, this is basically how a web search engine works, so it is no surprise when you get thousands of irrelevant hits and still manage to miss the thing you are looking for! Topic maps provide an approach that marries the best of several worlds, including those of traditional indexing, library science and knowledge representation, with advanced techniques of linking and addressing. The author has realized the need for a map to the XML topic; a later installment will deal with XTM and an attempt to apply it to this Web site..." General references in "(XML) Topic Maps."

[March 21, 2003] "Towards Modular Access to Electronic Handbooks." By Caterina Caracciolo (Language & Inference Technology Group, University of Amsterdam, Amsterdam, The Netherlands). In Journal of Digital Information Volume 3, Issue 4 (February 19, 2003). "The paper reports on an ongoing project Logic and Language Links (LoLaLi). The project is aimed at providing an exemplary architecture for an electronic dissemination environment for scientific handbooks. It focuses on a way of facilitating navigation through and access to electronic handbooks by using a WordNet-like concept hierarchy consisting of synsets (sets of synonyms) that are connected to each other and to external sources by semantic relations for navigational purposes... In the LoLaLi project we aim to define what electronic publications should look like: we are especially interested in developing a good hyperlink system to provide access to the content of the handbook. This system should be rich enough to account for the complexity of the domain (the interface between Logic and Linguistics), while avoiding disorientation of the reader. Our prototype focuses on a specific domain, but we believe that we will be able to draw general conclusions on dealing with electronic handbooks in a wider range of domains. The approach uses a WordNet-like concept hierarchy to annotate and access the handbook. It consists of synsets (sets of synonyms) that are connected to each other and to external sources by semantic relations. Concept hierarchies are often used for the purpose of navigating through large collections of documents. They are very useful for the organization, display and exploration of a large amount of information... Concepts in the hierarchy are annotated with a gloss; for instance, the study of language meaning is a gloss for semantics. Moreover, they come with a longer description, provided by the authors of the concept especially for the LoLa hierarchy. The hierarchy consists of a TOP concept, under which there are four main branches: computer science, mathematics, linguistics and philosophy; from each of these concepts stems a branch of the hierarchy, organized by relations of subtopic - supertopic. A concept is a subtopic of another concept if one (and only one) of the following relations holds: (1) is a: epistemic logic is a related subtopic of modal logic; (2) part of: metaphysics is part of philosophy; (3) technical notion: operator is a notion in mathematical logic; (4) mathematical result: Goedel's incompleteness theorem is a mathematical result [theorem] of logic and mathematical logic; (5) computational tool: SPASS is a computational tool for first-order logic, a first-order resolution-based theorem prover; (6) historical view: the concept Frege on quantifiers gives an historical view of the concept quantifiers... Each concept is given a unique identifier and is represented as an XML document in which the following pieces of information are stored... All these pieces of information constitute elements in the XML tree; some of them (e.g., title and gloss) are given an identifier to be individually addressable. Moreover, the XML documents incorporate a set of metadata (Dublin Core compliant) about the document, such as author and date of creation and modification. An extension of the DTD to accommodate bibliographic references is under development, in collaboration with Elsevier Science. The graph structure is coded in a relational table, while descriptions are stored separately because they are typically written in LaTeX and can also contain non-textual objects, such as images. Users do not access the XML base but a static set of HTML documents, searchable and browsable, generated from the XML base at regular intervals..."

[March 21, 2003] "W3C Patent Policy Draft." By Tim Bray. In ongoing (March 19, 2003). "The latest draft, published today, is a landmark. You can't possibly imagine the number of hours of hard thinking and nasty wrangling that have gone into producing it. My personal take is that it's about done and it's good enough and we're not going to end up with anything better... To start with, it's really important to understand that these issues are not simple. I think that most responsible members of the Web communities know what effect we'd like to achieve, but the legal and historical backdrop is insanely complex and achieving the effect you want to is far from easy. Royalty-Free is the Way to Go. The Web is unique and special in that anyone can read up on HTTP or HTML or XML or whatever and start writing software to process them, and not have to worry about paying anyone a royalty. Lots of other areas of technology just aren't like this. If you want to build a DVD player, or a network router, or a VLSI test rig, or many many other things, you have to cough up some serious money for patent rights first. That's one reason why there is lots of Open Source web softwre, but no Open Source DVD players. And, it's one of the nice things about working in Web space. VoiceXML is the Villain The issue that really forced the W3C to think about this was VoiceXML. This is an XML tagset for spoken dialogues, i.e. you say to the vending machine 'Two croissants please', the machine says 'That'll be $4.82, how would you like to pay', you say 'Visa', the machine says 'Insert your Visa card under the flashing light please', etc. VoiceXML was originally cooked up by the 'VoiceXML Consortium', which includes several well-known big names in the telecom and cellular space. And several of them had patents which they claim covered it so you wouldn't be able to use it without a license..." General references in "Patents and Open Standards."

[March 21, 2003] "Using WSDL in a UDDI Registry, Version 2.0." Edited by Anne Thomas Manes and Tony Rogers. Technical Note produced for the OASIS UDDI Specifications TC. Document identifier: uddi-spec-tc-tn-wsdl-20030319-wd. Announced in a posting by John Colgrave; comments are welcome for the next thirty days. The TN defines a new approach to using WSDL in a UDDI Registry. "The Universal Description, Discovery and Integration (UDDI) specification provides a platform-independent way of describing and discovering Web services and Web service providers. The UDDI data structures provide a framework for the description of basic service information, and an extensible mechanism to specify detailed service access information using any standard description language. Many such languages exist in specific industry domains and at different levels of the protocol stack. The Web Services Description Language (WSDL) is a general purpose XML language for describing the interface, protocol bindings, and the deployment details of network services. WSDL complements the UDDI standard by providing a uniform way of describing the abstract interface and protocol bindings of arbitrary network services. The purpose of this document is to clarify the relationship between the two and to describe a recommended approach to mapping WSDL descriptions to the UDDI data structures. Consistent and thorough WSDL mappings are critical to the utility of UDDI. The primary goals of this mapping are: (1) To enable the automatic registration of WSDL definitions in UDDI; (2) To enable precise and flexible UDDI queries based on specific WSDL artifacts and metadata (3) To maintain compatibility with the mapping described in the Using WSDL in a UDDI Registry, Version 1.08 Best Practice document; (4) To provide a consistent mapping for UDDI Version 2 and UDDI Version 3; (5) To support any logical and physical structure of WSDL description. This mapping prescribes a consistent methodology to map WSDL 1.1 artifacts to UDDI structures. It describes an approach that represents reusable, abstract Web service artifacts, (WSDL portTypes and WSDL bindings) and Web service implementations (WSDL services and ports). Tools can use this mapping to generate UDDI registrations automatically from WSDL descriptions. This mapping captures sufficient information from the WSDL documents to allow precise queries for Web services information without further recourse to the source WSDL documents, and to allow the appropriate WSDL documents to be retrieved once a match has been found. Given that the source WSDL documents can be distributed among the publishers using a UDDI registry, a UDDI registry provides a convenient central point where such queries can be executed..." Also in PDF format. General references in: (1) "Universal Description, Discovery, and Integration (UDDI)"; (2) "Web Services Description Language (WSDL)." [cache]

[March 21, 2003] "Mozilla Tightens Up." By Jim Rapoza. In eWEEK (March 20, 2003). "Not surprisingly for an application that is intended mainly as a development platform, the Mozilla Web browser continues its seemingly constant upgrade cycle. Version 1.3 of the browser adds many useful new features, including some effective anti-spam features in the mail client. Other new features in Mozilla 1.3, which was released by the Mozilla Organization earlier this month, include newsgroup filters, automatic image resizing and dynamic profile switching... By far, the biggest and most welcome new addition to Mozilla is the spam filtering capabilities in the mail client. Like the junk-mail filtering capabilities in Mac OS X, the new spam filtering features in the Mozilla mail client use Bayesian filtering to detect probable spam. We could train the client to detect new spam messages simply by identifying which existing messages were and were not spam. The addition of standard newsgroup filters will be welcome to anyone who frequents newsgroups. Using the filters, we could easily identify important messages and threads or, more importantly, avoid annoying flame war threads. A feature obvious in its omission from earlier versions of Mozilla was the ability to switch profiles on the fly. Users instead would have to shut down the browser before switching, a task made more onerous by the fact that Mozilla takes longer to launch than most other browsers. Mozilla 1.3, thankfully, lets users switch profiles without restarting the browser... Also new in Mozilla 1.3 is automatic image resizing, which users can choose to enable or disable. While Microsoft Corp.'s Internet Explorer has had this feature for some time, we prefer Mozilla's because we could switch between an actual size and resized image simply by clicking on the image rather than by searching for the pop-up resize button, as is required with IE. Mozilla 1.3 also includes a demonstration of a capability, code-named Midas, that will be supported in future versions of the browser. Midas lets Web developers add rich-text editable controls to pages using standard script commands. We found this feature interesting but were not sure why it was included--there are already standards-based ways to do basically the same thing across all browsers..."

[March 21, 2003] "Standards: Optional Features or Law?" By Dimitris Dimitriadis. From XML.com (March 19, 2003). ['Dimitris Dimitriadis ponders how software implementers can best be induced to create software that conforms to web standards. It seems that even involvement with a standard's creation isn't enough to motivate some software companies to implement it.'] "In an earlier article, I argued that providing uniform test frameworks and detailed specification formats would enhance interoperability of specification implementations. Technical issues aside, some of which I discussed in that article, there are a few important reasons why this is difficult: corporate politics, on the one hand, and standard organizations' inability to enforce standards on the other. How can we make sure the specifics of a standard are present in products which claim to implement it? [...] since there is no public institution to inspect software construction, why do we even want standards? There are several reasons. First, we want to be sure that information is accessible. Without standards which require information to be accessible, companies have often invested more resources in differentiating their products than in fixing errors. In extreme cases, corporations have released software that is not compliant with standards which the corporation helped create to begin with. Second, we want standards to ensure interoperability, which is not possible if every implementation has a different understanding of what it's supposed to do. Clearly, there needs to be someone who can absolutely indicate what is, and what is not, a successful implementation of a standard. This is the only way to ensure that product A implementing standard X does the same thing as product B implementing the same standard. Third, we want standards to ensure that information is easily exposable. This is especially interesting in the cases where public information is stored in a way that requires particular software to access it. Exposing it through a web interface may not help, since a fully conformant browser may fail to show the information, if the web site producers have decided to write for the mainstream set of browsers in use... "

[March 21, 2003] "The Road to XHTML 2.0: MIME Types." By Mark Pilgrim. From XML.com (March 19, 2003). ['Mark Pilgrim plunges headlong into XHTML 2.0 in this month's installment of his "Dive into XML" column. He starts out on a journey to explore migrating to the latest version of HTML. This first episode includes some of the strange little hacks required to support legacy web browsers.'] "Here's a dirty little secret: browsers aren't actually treating your XHTML as XML. Your validated, correctly DOCTYPE'd, completely standards compliant XHTML markup is being treated as if it were still HTML with a few weird slashes in places they don't belong -- like <br /> and <img />. Why? The answer is MIME types. MIME types are as old as the Web; in fact, they're older. Every page you browse, every image you download, every stylesheet and JavaScript and PDF and silly little Flash movie you view through your browser, all have a MIME type associated with them. For HTML pages, the MIME type is text/html. For XHTML, the MIME type is supposed to be application/xhtml+xml... Mozilla is the only major browser that currently handles application/xhtml+xml correctly; for all other browsers, you'll need to serve your XHTML as HTML, using the old text/html MIME type. But you can't browser-sniff for Mozilla, for instance, by searching for 'Gecko' in the User-Agent, because some browsers (OmniWeb, Opera) have options to lie about who they are, and other browsers (Safari) include the magic word 'Gecko' in their User-Agent string by default. Luckily for us, HTTP has a specific solution for this problem, one which is so elegant (compared to the rest of this mess) that I didn't believe it would actually work until I tried it. Mozilla, in its infinite wisdom, will tell a server that it accepts application/xhtml+xml in the HTTP_ACCEPT header that it sends with every request. That's it. All scripting environments provide access to these HTTP headers; so, armed with this nugget of information, we can devise a variety of ways to serve up the same page as application/xhtml+xml to browsers that claim to support it and as text/html to everyone else..."

[March 21, 2003] "An XML Hero Reconsiders?" By Kendall Grant Clark. From XML.com (March 19, 2003). ['Tim Bray has long been a colorful personality in the XML world. Little surprise then that his recent complaint -- that XML is too difficult for programmers -- garnered a lot of attention. In the XML-Deviant column this week Kendall Clark takes a look at Bray's essay and the reaction it received from the community.'] "Most, if not all of the permanent topics of conversation on XML-DEV revolve around two camps of people: one which thinks aspect N of XML is a wart, the other which thinks N is an elegance. These threads never end because, in part, there is no final or absolute context within which XML is meant to be used. Whether you think of N as a wart or an elegance is context dependent and interest relative. It depends almost entirely on who you are and what you want and need XML to do. In other words, all opinions about XML are equal. Except that that's not really true. All opinions about XML are equal, except some are more equal than others. Among the more equal opinions are ones held by the people who drafted the XML specification. Among that select group of people, as far as XML-DEV is concerned, Tim Bray stands out, if for no other reason than he has consistently contributed to the conversational life of the community. So when Bray, over the course of a few weeks, leads an effort to relocate XML-DEV and publishes a widely-read essay in which he seems to question XML itself, it's time to take a closer look... So what's Bray's beef? It isn't, he says, that XML parsers are so hard to write. If they were, Bray says, there wouldn't be so many of them... The problem is that XML parsers are so hard to use... Specifically, Bray offers the standard lament: DOM processing is inefficient, SAX processing is awkward..."

[March 20, 2003] "Java Business Integration (JBI)." JSR [Java Specification Request] #208. Specification Lead: Mark Hapner (Sun Microsystems, Inc). This JSR extends J2EE with business integration SPIs (Service Provider Interfaces). "Java Business Integration JSR (JBI) extends J2EE with business integration SPIs. These SPIs enable the creation of a Java business integration environment for specifications such as WSCI, BPEL4WS and the W3C Choreography Working Group. The industry is currently on the path to define standards for business integration that form a new layer of standard metadata in the web services stack. While this work is not complete as yet, the general shape of this standard metadata can be seen in the WSCI and BPEL4WS proposals. The industry needs a standard in this space and we look to the recently chartered W3C Choreography Working Group to drive the convergence of these and other related efforts. The JBI SPIs will reflect the industry consensus that emerges from this work. This JSR uses the following terms to further classify this standard business integration metadata. The term 'business protocol' is an umbrella term for the metadata used to describe the interaction between a set of business processes that implement the roles of partners within a larger service composition. The term 'abstract business process' is the metadata that describes how a business process, within a business protocol, choreographs its role in a service composition so that its partner processes understand how to interact with it. It should be noted that the term 'business process' in this context means any actor that participates in the business protocol. In finer grained situations, a 'business process' could be something as simple as a data transformation table or a few business rules. JBI extends the J2EE application packaging and deployment functionality to include JBI Components. JBI Components are an open-ended class of components that are based on JBI abstract business process metadata. The JBI JSR itself does not define how developers code Components. Both standard and proprietary ways of coding Components may exist. A specific class of Component may provide rich business process functionality while another class of Component may provide a specialized integration function like a data transformation table or support a domain specific business rule encoding... JBI extends J2EE 1.4 with SPIs to support business integration. The W3C specifications are building blocks for JBI business protocol metadata. The WSCI and BPEL4WS documents are potential starting points for the W3C Choreography Working Group and therefore indirectly influence JBI. The BEA Process Definition for Java JSR defines the Java APIs and JSR 175 Annotations a Java developer uses to implement a business process. Support for the BEA JSR can be added to the JBI Environment by providing a JBI Machine that supports it. This illustrates the complementary nature of the JBI SPIs and the BEA JSR APIs..."

[March 20, 2003] "Update: Sun Plugs Developer Pack, Specs. Delayed Software Aimed at Web Services Developers." By James Niccolai. In InfoWorld (March 18, 2003). "Sun Microsystems released a package of software and tools for developers on Wednesday intended to jumpstart their efforts at building Web services applications. The product is a few months behind schedule but to spur interest the company is offering a steep promotional discount. At a press conference in Boston Wednesday, Sun also highlighted new training materials and online resources for developers. It also announced a new Java specification for Web services integration that passed a preliminary stage in the Java Community Process this week... The Sun ONE Studio integrated development environment [with] its portlet builder and other tools aims to provide all the Sun software a developer would need to build Web services, an emerging computing model that uses standard languages and protocols like XML (Extensible Markup Language) and SOAP (Simple Object Access Protocol) to link different types of business applications together. Sun is competing in the market against more established software vendors such as BEA Systems, Microsoft, IBM and Oracle... Sun officials also discussed a new Java specification called Java Business Integration (JBI) that aims to unify at least two competing initiatives for automating business processes using Web services. The executive committee of the Java Community Process signed off on Java Specification Request 208 on Monday, according to the JCP Web site. The JCP is a multivendor organization overseen by Sun that approves new Java standards... At least two specifications have been proposed for defining a standard way to orchestrate business processes in distributed software environments, including the Web Services Choreography Interface (WSCI), backed by Sun and BEA, and Business Process Execution Language for Web Services (BPEL4WS) backed by Microsoft and, again, by BEA. 'While this work is not complete as yet, the general shape of this standard metadata can be seen in the WSCI and BPEL4WS proposals,' the JBI proposal reads. 'The industry needs a standard in this space and we look to the recently chartered W3C Choreography Working Group to drive the convergence of these and other related efforts. The JBI SPIs will reflect the industry consensus that emerges from this work.' The JBI will extend J2EE (Java 2 Enterprise Edition) with 'service provider interfaces,' which 'enable the creation of a Java business integration environment for specifications such as WSCI, BPEL4WS and the W3C Choreography Working Group,' the proposal says..."

[March 20, 2003] "JCP Watch: Business Processes, More XML Support and Enhanced Java Platform Support on Small Devices." By Apu Shah. From Developer.com (March 12, 2003). "... new specifications providing Java with business process integration and workflow APIs [have been] proposed along with a proposal for the next generation of the Java API's for XML Processing. In addition, the Executive committee for the Java Mobile Edition platform approved the final specification release for the J2ME CLDC (Connected, Limited Device Configuration) that defines a standard platform for small, resource-constrained, connected devices... Two related, yet complimentary JSR specifications encompassing workflow programming, business process interaction and process co-operation were proposed. [1] JSR-207 Process Definition for Java [Definition of an annotated Java syntax and APIs for programming business processes in Java]: A business process is a set of operations that implement a particular business function. For example, Order fulfillment could be viewed as a business process. For a Java programmer to implement an 'Order fulfillment' business process, the programmer would have to loosely couple various classes and objects into a logical process. There is currently no way of abstracting a series of cooperating objects and interfaces into a single 'process entity' at the source code level. This JSR intends to provide a Java syntax to define and describe business processes at the source code level... [2] JSR-208 Java Business Integration (JBI): In order for business processes to interact with each other a well-specified execution environment must exist. This execution environment should have support for various business process interaction protocols, business process component models and process integration metadata. This JSR intends to define the operating environment for business process components. The JBI framework consists of three (3) specific components. The Environment defines a standard internal representation for business protocol messages based on standard business protocol metadata. JBI Machines are responsible for supporting the lifecycle of a particular class of JBI Components. In some sense, JBI machines and JBI Components are analogous to EJB components and EJB containers. The Environment provides the base business protocol communication infrastructure that allows Components (through their Machines) to communicate with each other and with external services. The Environment also defines a standard Machine packaging model and a standard Machine deployment and instantiation lifecycle. Finally, JBI Bindings are used by the Environment to communicate with external services via specific business protocol bindings..."

[March 20, 2003] "Tip: Use Internal References in XML Vocabularies. Minimize Repetition and Resulting Errors with ID Types and In-Line XPath Queries." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks, XML zone. March 2003. ['In some cases, you can avoid repeating identical data fields by using internal references from one field to another. Uche Ogbuji demonstrates how in this tip.'] "One of the biggest criticisms that traditional database experts level at XML is the fact that its hierarchical nature encourages the sort of repetitiveness that would be banished by relational normalization. This is certainly a valid complaint, and the key to XML's success is that its flexibility and convenience outweigh this failing. Of course, database purists say that XML's advantages only appear to outweigh its problems to the less rigorous. In this tip, I offer a couple of techniques that can help with this in certain cases. However, it is not a general soluton to the problem of XML's hierachical limitations... You should use internal references like this with some care. With the ID method, be sure to maintain the validity of the document, and with the XPath method, watch out for situations where a modification causes the XPath to fail to select the expected result. When designing XML vocabularies, try to minimize repetition wherever possible. You can do this many ways, and internal references can be a handy tool in that effort..."

[March 20, 2003] "Tip: SAX Filters for Flexible Processing. Create a Chain of XML Processes." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks, XML zone. March 2003. ['SAX filters allow you to construct complex XML processing behaviors from simple, independent modules. In this tip, Uche Ogbuji introduces this important XML processing technique.'] "Simple API for XML (SAX) is a very efficient method of XML processing. In SAX processing, the parser passes to the application a stream of events that represents the XML content. An important aspect of SAX is the user's ability to create SAX filters, which accept a stream of SAX events and pass on a modified stream. For example, you might use a SAX filter to take as input XML-ized HTML that uses such deprecated HTML practices as <center> and passes on proper XHTML forms such as <div style="align: center">. Such a filter could then be reused in a broad array of applications very easily because it does a single, focused task, and by design it is separate from the systems upstream as well as downstream from the filter. [Example:] a SAX filter that selects English language sections... XML 1.0 allows you to specify the language used in element content on an element-by-element basis using the xml:lang attribute... Here, I shall create a SAX filter in Python that strips all content that is known to be in a language other than English; in other words, the filter preserves all content that doesn't have an xml:lang designation or has a designation starting with en... SAX is already fast, and SAX filters add some flexibility. As you use SAX more and more, you may find yourself with an impressive library of SAX filters for all sorts of processing tasks..." Also in PDF format.

[March 19, 2003] "W3C Seeks Royalty-Free Standards. Final Review Of Draft Begins." By Paul Krill. In InfoWorld (March 19, 2003). "Looking to formalize its royalty-free standards position in May, the World Wide Web Consortium on Wednesday began the final review period for its patent policy. While emphasizing royalty-free Web infrastructure standards, the W3C plan does allow for exceptions to the policy in rare circumstances such as when a technology needs to be included in a specification but is not available on a royalty-free basis. 'It's a policy which is by default royalty-free [but] by exception allows the consideration of technology that's available other than on a royalty-free basis, and I believe it is a policy which is acceptable to the open-source community,' said Donald Deutsch, vice president of standards and strategy at Oracle and a participant in the working group. The policy, which is subject to a public review period through April 30, is intended to reduce the threat of blocking patents, in which a particular entity seeks royalties for implementations of W3C specifications because of a contributing technology. W3C Director Tim Berners-Lee will then decide whether to issue the policy as a formal W3C recommendation, the final stage of approval. W3C, in formulating its policy, is attempting to prevent patent claims from inhibiting development of its industry specifications, said Daniel Weitzner, chairman of the patent policy working group in Cambridge, Mass. , which developed the policy. 'What has happened recently is we have had more and more situations in which patent claims have impeded the development of new Web infrastructure,' Weitzner said. He cited an incident in which a vendor sought a royalty for use of its technology in the W3C P3P (Platform for Privacy Preference), a standard for machine-readable privacy policy. 'What happened was, first of all, that discouraged a lot of people from putting effort into the work if the money was going to go to just one company,' Weitzner said. The patent policy requires patent disclosures by W3C members when they are aware of their patents being essential to implementation..." See details and references in the 2003-03-19 story: "W3C Releases Proposed Royalty-Free Patent Policy for Review." General references in "Patents and Open Standards."

[March 19, 2003] "W3C Unveils Its Patent [Policy] Plans." By Lisa M. Bowman. In CNET News.com (March 19, 2003). "The World Wide Web Consortium has released what it hopes will be the final draft of its patent policy as it tries to create a mostly royalty-free environment for Web standards development. The standards body has been grappling with the issue of how to deal with patents for more than three years, hoping to strike a balance between those who seek royalty-free standards and those who demand payment for their technologies. On Wednesday, the World Wide Web Consortium's (W3C) Patent Policy Working Group released a final draft of its Royalty-Free Patent Policy, which will be open for public comment for six weeks. The group hopes to have a final plan endorsed by its director sometime in May. The basic premise of the policy, a compromise between open-source advocates and proprietary software companies, is that patented technology can be included in standards development as long as it is royalty-free in most cases. However, the latest draft does contain provisions to incorporate technology into Web standards when that technology does not comply with certain inclusion standards, such as when the patent holder wants to charge fees. In that case, the W3C's Patent Advisory Group will investigate ways to deal with the issue. Some of those methods may include designing around the patent, removing it altogether or halting work in the area. The group also could recommend that the patented work be included in the standard anyway, even if the practice conflicts with the W3C's royalty-free goals. In that case, the public would be allowed to review the licensing terms. 'Some people will look at this and say this is a huge loophole,' said Daniel Weitzner, chair of the W3C's Patent Policy Working Group. 'The way I see it, it gives us the flexibility to look at situations that don't fit in with our royalty-free licensing policy and decide what to do rather than hit a dead end. I think it will be used very rarely'..." See general references in "Patents and Open Standards."

[March 19, 2003] "Sun Aims to Simplify Java." By Martin LaMonica. In CNET News.com (March 19, 2003). "Sun Microsystems, hoping to build support for its Java software, on Wednesday announced new tools and a plan to simplify software development. The company launched Sun ONE Web Services Platform, a suite of applications that includes the Sun ONE development tool and Sun's Java server software components. By combining Sun's Java server software, including its portal and integration software, with its development tools, programmers will have an easier time writing Java applications, Sun executives said. The company is hoping to make Java development a more attractive option for companies that are evaluating tools for building Web services applications. Web services, a programming method for building software that can more easily communicate over the Internet and corporate networks, is quickly gaining popularity. Sun, along with IBM, Oracle, BEA Systems and other software makers, sells products that are based on Java and the Java 2 Enterprise Edition specification, whereas rival Microsoft promotes its .Net tools and software. Development tools don't typically generate huge profits for software makers. But building a large base of loyal developers is a key step in promoting adoption of other, more profitable products, such as portal software and management tools. Sun on Wednesday also said that it plans to update its Sun ONE Studio development tool..."

[March 18, 2003] "The ebXML Messaging Service." By Pim van der Eijk. From WebServices.XML.com (March 18, 2003). "The ebXML Messaging Service specification (ebMS) extends the SOAP specification to provide the security and reliability features required by many production enterprise and e-business applications. As an OASIS Open standard, ebMS is a mature specification, supported by a variety of commercial and open source software implementations. The interoperability of many of these implementations has been demonstrated in a number of ongoing projects internationally. This makes ebMS a strong complement or even alternative to other web service specifications... In this article we examine a specification that deserves serious attention in this context, namely, the the ebXML Messaging Service specification (ebMS). ebMS, endorsed in August 2002 as an OASIS standard, adds security and reliability extensions to SOAP and aligns e-business messaging with other e-business integration standards (like trading partner agreements and business process specification). After three years of development, ebMS has become a mature specification. While it is designed to support the ebXML framework, ebMS is a standalone specification that can be used independently of other ebXML specifications. Prospective users evaluating message service or web services technology have a choice of commerical and open source implementations of ebMS, many of which have been verified for interoperability in implementation pilots... The OASIS Implementation, Interoperability and Conformance TC addresses the requirements for ebXML interoperability, with an initial practical focus on ebMS. The committee is chartered to provide a conformance plan, a set of reference implementation guidelines, a set of base line interoperability tests, and guidelines and direction for third-party creation of conformance laboratories. Many participants in this TC are also active in other interoperability projects. One of the deliverables of this TC is a test framework that allows automation of interoperability testing of ebMS implementations. The ebXML IIC is currently finalizing its Basic Interoperability test suite, which aims at bringing together the various ebMS interoperability test initiatives, thus providing a common interoperability platform. The IIC has also developed the concept of a Deployment Template, first developed for ebXML Messaging. This is an important tool in defining interoperability at the business or usage level. It has been used by EAN-UCC to specify its deployment and implementation guidelines (which include the use of GLN mentioned earlier) in a more systematic way, which is easier to map to ebMS requirements, for users and vendors..." General references in "Electronic Business XML Initiative (ebXML)."

[March 18, 2003] "XML Watch: WBXML and Basic SyncML Server Requirements. Use SyncML to Mobilize Your Data." By Edd Dumbill (Editor and publisher, xmlhack.com). From IBM developerWorks, XML zone. March 2003. ['In the second installment of his quest to make his data available wherever and whenever he wants by using SyncML, Edd Dumbill encounters Wireless Binary XML (WBXML) and examines the minimum functionality required for a SyncML server.'] "In my previous column, I introduced my mission to investigate and deploy SyncML. Increasingly, people are becoming users of multiple devices, depending on location and occupation. When they travel or change devices, they want their data to come with them. This is the central function of the SyncML XML protocol, which is rapidly becoming a checkbox item on the feature lists of today's mobile phones. Last time, I gave a high-level overview of SyncML, and showed what happened when I captured the first SyncML message sent from my Ericsson R520m mobile phone to my Web server. The most surprising thing about this message was that it was encoded not in XML, but in Wireless Binary XML (WBXML). WBXML is a standard developed by the WAP Forum, and is intended to provide a space and a CPU-efficient XML representation. Many XML developers have never encountered WBXML before, as it is largely used in proprietary cell phone networks. However, supporting SyncML requires the ability to handle this encoding, as well as the straight XML encoding. In this installment, I give a brief overview of the WBXML encodings, the steps involved in processing the WBXML encoding of SyncML into XML, and what is required to go back the other way, from XML to WBXML. I also introduce the main elements of the SyncML protocol, to set the stage for creating a SyncML server. The topic of binary notations for XML is one of the more enduring permathreads that have continued through the five or so years of XML developer discussion. At a high level, opinion is divided into two camps: The first of these favors a custom encoding, such as that used by WBXML; the second maintains that compressing normal XML will achieve similar space savings. To me, the second approach has always seemed preferable, as it provides the ability to re-use common and well-known software components. However, the WAP Forum decided to pursue a custom encoding scheme -- WBXML. Along with several other technical decisions made by the forum, this has received its share of criticism over time... WBXML takes a tokenizing approach to encoding XML. The most common constructs -- such as tags, attributes, and attribute values -- are reduced to one-byte tokens, with some literal text left in the clear. WBXML also allows for common strings to be reduced to tokens as well, with the token table sent as part of the document preamble. WBXML implements the equivalent of XML namespaces through code pages. As only 27 tokens are available for elements -- 5 bits, with the values 0 through 4 being reserved -- complex vocabularies need to be multiplexed by organizing token sets into separate code pages. Switching code pages is analogous to switching the default namespace. The WBXML encoding of SyncML uses a code page for each of the DTDs used in the protocol: SyncML, SyncML Meta Information, and SyncML Device Information... The basic requirements for a SyncML client are similar to those for a server. I'll explore these further as I get deeper into implementing the protocol itself in future installments of XML Watch. SyncML employs the semantics of URIs to indicate items on the local and remote databases. This means that a file system would serve as a reasonable substrate for a synchronization database. With this in mind, the next installment will focus on the construction of a basic server that is able to use either WBXML or XML-encoded SyncML..." General references in "The SyncML Initiative."

[March 18, 2003] "Creating SOAP Services with Cocoon." By Steve Punte. From WebServices.XML.com (March 18, 2003). "The Apache Cocoon framework excels at processing and manipulating XML documents, which makes it an easy and ideal platform for SOAP services. All the necessary components exist in the standard Cocoon release, except for one. This article introduces the XmlHttpTransformer, a component which allows mid-pipeline Cocoon elements to operate as SOAP clients retrieving information from external services. Two simple examples are presented with source code available... Apache Cocoon, part of the Apache XML Project and soon to become a top-level project, is a highly flexible web publishing framework for creating application from reusable components. Although reusability is an oft-touted quality of software frameworks, Cocoon stands out because of its XML component orientation. As long as a component accepts and emits XML, it can be integrated into the framework... The examples in this article demonstrate how SOAP-conforming services can be accessed and emulated by manipulating the SOAP header by way of XSL transformations. These examples show that is it possible to implement such solutions with the entire application domain solution captured in various XML documents: for example, XSL stylesheets with content directing components such as SQLTransformer and XmlHttpTransformer. The only new procedural software written, the XmlHttpTransfomer component, is generic in nature, reusable, and independent of any particular application domain... Source code for the two examples and the XmlHttpTransformer component can be freely downloaded..."

[March 18, 2003] "Generate Web Output in Multiple Formats and Languages with StrutsCX." By Bernhard Woehrlin [WWW]. From DevX.com (March 12, 2003). ['StrutsCX overcomes the limitations of the Struts Framework by enabling you to utilize XML, XSLT, and XPath technologies instead of its standard JavaServer Pages.'] "As an open source add-on for the Apache Jakarta Struts Framework (or Struts), StrutsCX has its roots in a pure XML- and XSLT-based, multi-language and multi-layout project. With StrutsCX you can easily generate different output formats like HTML, XML, or PDF using standardized XML and XSL technologies. Struts serves as the ideal server technology to perform these XSLT transformations. StrutsCX also enables you to save and output content in different languages and encodings. Handling information in English, German, French, Spanish, and Italian -- as well as in Chinese, Korean, Arabic, Russian, and any other language in the world -- is simple with StrutsCX... Struts encourages application architectures based on the Model 2 approach, a variation of the classic Model-View-Controller (MVC) design paradigm. The great thing about the MVC design pattern is the relative independence it allows between the Model, View, and Controller. Struts processes all incoming HttpServletRequests in one central point, the Controller, where the ActionServlet, the ActionMapping, and several Action classes are assembled. The ActionServlet dispatches all the incoming HttpServletRequests to one of the Action classes. The ActionMapping object, which you can control through the struts-config.xml file, informs the ActionServlet to which class it should dispatch... StrutsCX combines the elegance of Struts with the power of XSLT. StrutsCX replaces the JSP of the View with XSLT while leaving the Controller and the Model part of Struts untouched. StrutsCX behaves differently than Struts in the following aspects: (1) In the View, StrutsCX uses XSLT instead of JSP. (2) Internationalization is not realized through the Java Resource Bundle technique but through a pure XML solution. (3) StrutsCX does not need any Tag Libraries to present error messages. It uses W3C standards like XML and XSLT/Xpath instead. Despite their differences, you can use StrutsCX in parallel with your existing Struts application. StrutsCX merely abandons some of the standard Struts features and replaces them with XML, XSLT, and XPath..." See StrutsCX as a SourceForge Project.

[March 19, 2003] "Sun Expects Bumpy Ride Ahead With WS-I. [Performance, Measurement & Standards.]" By Paula Rooney. In CMPNetAsia (March 19, 2003). "As it tries to get one of its own on the executive board of the WS-I, Sun Microsystems expects a controversial and politically bumpy road ahead for the interoperability organisation. Ed Julson, Sun's group marketing manager for Java and Web Services, said only two out of 14 proposed WS-I standards being tossed around by founders Microsoft and IBM have been submitted as standards -- WS-I security and Direct Internet Messaging Encapsulation (DIME) -- and that spells possible trouble. 'Take a look at the 14 standards defined by the GXA [Global XML Web Services Architecture], largely by Microsoft and Sun. What about the 12 other specs?' Julson said at the Web Services Edge 2003 East conference, Boston. 'A spec isn't a standard. There will be debate within the WS-I on what is a standard and what is not. WS-I hasn't gotten to the hard part yet'... While the creation of the WS-I organization was praised by a pleased but jaded IT industry, Sun fumed over being left out. However, Sun officially jumped on the WS-I bandwagon late last year and is now lobbying to get one of its executives on the executive board with Microsoft, IBM and Oracle. At the conference, the Sun official hinted that the WS-I could become yet another API battleground that characterized the 1990s. 'We don't want to have to pay a tax,' he said..." See general references in "Web Services Interoperability Organization (WS-I)."

[March 19, 2003] "Web Services Interoperability Organisation (WS-I.org): What's it All About?" By [Staff]. From WebServices.org (March 19, 2003). ['WebServices.org interviews Chris Ferris, on his views of WS-I as IBM's representative to the Basic Profile WG. Chris is an Architect with IBM's Emerging e-business Industry Architecture group and is actively engaged in the development of Web Services and e-business standards. He currently represents IBM on the WS-I Basic Profile Working Group (WG) as editor of the Basic Profile 1.1 specification. He also represents IBM on the W3C Web Services Architecture WG.'] Excerpts: "The main objective of WS-I is to promote and enable the interoperability of Web services, which I believe is the most fundamental aspect of Web services. People are using Web services to integrate their heterogenous computing environments, both within and external to their organizational boundaries. Without interoperability, this becomes an impossible task... First, there is no single standards organization that 'owns' Web services. The W3C is working on some of the foundational technologies such as XML, XML Schema, XML Signatures and Encryption, SOAP and WSDL. OASIS is working on some of the higher-level technologies such as WS-Security, UDDI, Remote Portals, etc. The IETF is responsible for some of the lower-level protocol technologies such as HTTP, TLS, etc. WS-I fulfills a needed function in providing a single venue for integrating the efforts of these various organizations. Secondly, with regards to SOAP1.1 and WSDL1.1, there is no standards organization that 'owns' those specifications; WS-I fulfills a need by providing clarifications and constraints on those de facto standards that will enable vendors and developers to implement and use these technologies in an interoperable manner... WS-I has no plans of defining new specifications for Web services technologies. That is not its role... WS-I recently agreed to address the issue of attachments for SOAP. The Basic Profile v1.1 will incorporate the SOAP Messages with Attachments (MIME) specification and provide a means for describing the use of attachments in WSDL. We expect that this work will be completed in a relatively short period of time, hopefully the technical work will be completed by April of this year and the Basic Profile 1.1 can begin its own review and approval cycle, culminating in the early summer of 2003. Additionally, we are in the process of planning for a Security Profile and will be likely taking on the question of how one can claim conformance of platform and/or tools (e.g., .NET, WebLogic or Websphere) with a profile(s). It should be an interesting and challenging year..." General references in "Web Services Interoperability Organization (WS-I)."

[March 18, 2003] "Industry Execs Discuss EDI's Place in an XML World. Forum Attendees Ask Where .Net fits Into the Equation." By Paul Krill. In InfoWorld (March 18, 2003). "EDI lives and .Net cannot be ignored, said industry executives and audience members at a panel session [in Santa Clara]... Officials from companies such as Oracle, SAP, and Siebel were asked by audience members to explain the advantages of XML-based integration technologies compared to EDI-based integration. They also were criticized for being heavily focused on Java. The executives were participating in a panel discussion on J2EE, XML, Web services, and enterprise application infrastructure at The Yankee Group Integration Technologies Forum, 'Leveraging Web Services & Integration Technologies for Maximum Business Value.' One attendee questioned why standards development would be better or different in XML or the traditional EDI world. 'We're going to have to have XML standards for business transactions themselves, things likes ordering a rail car,' the audience member said. 'It's an issue of business semantics, not technology.' Panelist Jeanne Baker, director of product strategy at Sterling Commerce, said EDI remained valid. Upon the introduction of XML, criticism of EDI as a 'dead man walking' was 'probably a little premature,' Baker said. 'It's not that XML is superior to EDI, but what we should do is take advantage of the fact that everybody is interesting in playing this game,' as far as supporting XML, she said. XML differs from EDI in that when EDI was developed, users wrote their own ERP systems, said panelist Andrew Dent, CTO at Hubspan. 'Now, the battle lines are really drawn at the protocol stack layer, not at the business layer,' Dent said. The EDI X12 format offers a semantic format that should not be ignored, he said..."

[March 18, 2003] "OASIS Eyes Open Web Services Management Specs." By Vance McCarthy. In Enterprise Developer News (March 10, 2003). "OASIS has created a Web Services Distributed Management (WSDM) technical committee to explore technical solutions to managing end-to-end web services. The new committee arises in part out of work begun last fall by the OASIS Management Protocol Technical Committee, which was set up to define a new inter-enterprise protocol for web services... 'As the number of web services deployed across the extended enterprise increases, the ability to effectively manage those services will become critical to building out a comprehensive services-oriented architecture,' said Winston Bumpus (of Novell) and co-chair of the WSDM Technical Committee in a statement... Initial WSDM members include Actional, BMC Software, Computer Associates, Confluent Software, Hewlett-Packard, Hitachi, IBM, Novell, OpenNetwork, SeeBeyond, Sun Microsystems, Waveset and webMethods. For its part, HP plans to contribute to OASIS what CEO Carly Fiorina calls a 'web services management framework' that will provide Java and .NET developers and sysadmins a way to model and design relationships between web services and let companies architect management-ready services that can plug into management tools based on open standards... At the outset of OASIS' work to develop better standards for web services management, IDN interviewed Bumpus about the specific needs of web services management. Bumpus enumerated the top priorities for a new management protocol management protocol (yet to be named): event notification, exception handling, asynchronous communications, service level agreement (SLA) enforcement and state management for traffic between legacy and Internet resources. 'Whatever we do, management needs to encode policy and SLAs,' Bumpus said. Another key item for cross-platform management is what Bumpus calls 'model independence.' He puts it this way: 'If we went down the road and said, 'Let's pick a model', and some vendors came back and said they couldn't support that model, then our interoperability is at risk. SOAP is an RPC mechanism, but it also creates a common model for data encoding, so you can have a level of interoperability you couldn't have before. Also, the new protocol will have to deal with domains that are virtual and dynamic -- not physical.' The protocol will store and exchange management data using XML... We asked Bumpus why, given the fact that most of management protocol is based on information capture and transfer, could XML just be used on top of existing management protocols. 'XML didn't solve the problem of information exchange all by itself,' he said, 'but we will be using XML schema in addition to techniques that enable us to define and validate the information being captured and sent.' The protocol must also support representations of management information (devices and properties) between multiple models, and that required something broader than simply XML, Bumpus said, such as technology based on the DMTF's Common Information Model..." See details in "OASIS Technical Committee Addresses Management of Web Services."

[March 18, 2003] "xDoc Converter. [Product Review.]" By Bill Trippe (New Millennium Publishing). In EContent Magazine (February 2003). ['xDoc Converter is a solid new offering in an important emerging problem space -- the requirement to convert various unstructured data types into XML. While it is a new product that currently runs only under Windows and may not yet support all the source formats you need, its impressive feature set, flexibility, and moderate price make it worth a look.'] "As content management systems become de rigueur in medium- to large-sized organizations, the amount of content under management continues to grow. However, most organizations face an environment where only a fraction of content exists under management. An often-cited number is that 20% of an organization's data is structured and under management, and the remaining 80% is unstructured and either not managed at all or only loosely managed. This includes documents, HTML pages, and other text-heavy objects... Enter XML, which some people view as the natural mechanism for capturing textual data in a more structured form. At the very least, XML allows an organization to capture abstract-style information on documents, and store it along with the document objects to help with applications such as search and retrieval and workflow. Some organizations have introduced XML encoding into the structure of certain types of documents -- technical manuals come to mind. But it is the rare organization still that has large volumes of document-style content encoded in XML... The not so good news is that getting meaningful XML markup into existing content has always been a difficult, labor-intensive process... xDoc Converter is a comprehensive toolkit for taking source content in formats such as Microsoft Word, HTML, and PDF and transforming it into XML-encoded content. It allows nonprogrammers and programmers to collect source data from multiple documents and formats and converts it to XML that conforms to any valid Document Type Definition (DTD) or schema. Version 1.0 of xDoc Converter [from CambridgeDocs], which runs on Windows 2000 and XP, provides a graphical user interface to 'projects,' which are the toolkit's way of organizing source data, converters, and XML-encoded output. The heart of the conversion processing is a set of Standard Transformation Definition Templates, or STDTemplates; the STDTemplates are essentially the rules files that control how various source formats are manipulated to produce meaningful XML... xDoc Converter comes with several predefined STDTemplates that do much of the heavy lifting when the source formats are HTML, Microsoft Word, and PDF. Those who are experienced with XML, though, know there is no such thing as a generic converter from, say, Microsoft Word to XML or PDF to XML... the most complex conversions will likely require the involvement of the programmer, but I found the logic, interface, and command language of xDoc Converter to be very accessible to the nonprogrammer as well. When converting Microsoft Word files, for example, I found it very easy to set tests for underlining, bold, and other emphasis attributes in various kinds of text, and then apply XML tags when found. On the other hand, this tool is for programmers as well, and it seems to offer the openness that programmers like to see..."

[March 18, 2003] "Google Gains Visual Searches. Anacubis Integrates Data Viewer Into Google Web APIs Service." By Cathleen Moore. In InfoWorld (March 14, 2003). "Data-visualization software provider Anacubis this week integrated its anacubis Viewer technology with the Google Web APIs service to allow developers to visually explore relationships between Web sites. The Java- and XML-based anacubis Viewer lets users visually navigate and explore online structured data. The technology automatically creates a visual representation of complex data by representing elements such as people or organizations as pictures or icons and by showing relationships between the elements... Plugged into the Google Web APIs service, the anacubis visualization technology provides the same benefits to developers who are using the Google Web service to create software programs capable of querying more than three billion Web documents, according to anacubis officials. Google uses SOAP and WSDL to let developers program common environments such as Java, Perl, or Visual Studio .Net. The anacubis Viewer also taps SOAP to integrate into the Google Web APIs service..." See also the February 2003 announcement.

[March 18, 2003] "BEA's Latest Survival Tack: Integrated Product Stack." By John Taschek. In eWEEK (March 11, 2003). "With consolidation in the application server space and incredible pressure from IBM, not to mention the lousy economic climate, BEA Systems Inc. finds itself battling not only vendors 100 times its size but also public perception and an analyst community that tends to write it off. But BEA has survived all this -- and has even grown -- through innovation. 'BEA is out-innovating everyone,' said BEA CEO and founder Alfred Chuang during an interview with eWeek Labs at the BEA eWorld Developer Conference earlier this month in Orlando, Fla. Chuang came out charging, low-key style, against IBM's WebSphere strategy, calling it 'serviceware' and saying that IBM consciously keeps the WebSphere components loosely coupled so that the company's huge Global Services arm must be called on to put them all together... Chuang shrugged off open-source application server alternatives such as JBoss -- an enterprise JavaBeans server -- saying, 'We make mission-critical software... You're not going to put JBoss in an intensive-care system. This is mission-critical. This is what we do.' But BEA was close to being out-innovated itself just two years ago, when the company failed to deliver a development environment that gave developers easier access to the BEA application server. At the same time, Hewlett-Packard Co. had purchased Bluestone Software Inc., which was a BEA partner, and it appeared that the Big 3 systems companies -- Sun, IBM and HP -- would smother the relative upstart. HP, of course, kicked out Bluestone, and in moved BEA -- a company dependent on such a strategic relationship to compete with IBM and Sun. BEA's new strategy is in integration. That is, BEA is taking its entire product stack and attempting to ensure that it all works together, can be sold together and is fundamentally on the same development cycle. WebLogic Platform 8.1, for example, expands the integrated development concepts BEA toyed with when it released WebLogic Platform 7.0. Chuang said this is in answer to customer requests for a consistent development environment..."

[March 18, 2003] "The XML.com Interview: Eric Meyer." By Russell Dyer. From XML.com (March 12, 2003). ['The first in an occasional series of interviews with figures from the XML and Web standards community. Russell Dyer talks to Eric Meyer, an invited expert to the W3C's CSS working group. Eric tells Russell how he first got into CSS, his job with Netscape, and his future plans.'] "One of the key players in the Cascading Style Sheets (CSS) world is Eric Meyer. He is also the author of several popular books on CSS: Cascading Style Sheets: The Definitive Guide (O'Reilly 2000), Cascading Style Sheets 2.0 Programmer's Reference (Osborne 2001), CSS Pocket Reference (O'Reilly 2001), and Eric Meyer on CSS (New Riders 2003). He has written over three dozen articles on CSS. Recently I had the opportunity to interview Eric Meyer and learn how he got involved with CSS in such an instrumental way... Meyer graduated from Case Western Reserve University with a degree in history in 1992... Meyer became Case's web master and had been web designing for a couple of years when he discovered CSS. "I never was happy with the whole font tag thing [or the] tables as layout idea. It seemed like we were going through an awful lot of effort to do very simple things." When CSS came along, however, his reaction was one of elation and relief. "I saw a brief demonstration at a conference. I thought, 'Perfect!' I went home and printed out the CSS specification. I started doing stuff that the specifications said were possible, but it didn't work." It turned out that the web browser he was using had not yet adopted the latest CSS standards. From there Meyer began learning about CSS and browser compatibility..." See: (1) W3C CSS home page; (2) general references in "W3C Cascading Style Sheets."

[March 18, 2003] "Using SAX for Proper XML Output." By Uche Ogbuji. From XML.com (March 12, 2003). ['Uche Ogbuji's Python and XML column explains how to use SAX to generate proper XML output: "Generating XML from Python is one of the most common XML-related tasks the average Python user will face; thus, having more than one way to complete such a common task is especially helpful".'] "In an earlier Python and XML column I discussed ways to achieve proper XML output from Python programs. That discussion included basic considerations and techniques in generating XML output in Python code... In this article I introduce an important one that comes with Python itself. Generating XML from Python is one of the most common XML-related tasks the average Python user will face; thus, having more than one way to complete such a common task is especially helpful... Probably the most effective general approach to creating safe XML output is to use SAX more fully than just cherry-picking xml.sax.saxutils.escape. Most users think of SAX as an XML input system, which is generally correct; because, however, of some goodies in Python's SAX implementation, you can also use it as an XML output tool. First of all, Python's SAX is implemented with objects which have methods representing each XML event. So any code that calls these methods on a SAX handler can masquerade as an XML parser. Thus, your code can pretend to be an XML parser, sending events from the serialized XML, while actually computing the events in whatever manner you require. On the other end of things, xml.sax.XMLGenerator, documented in the official Python library reference, is a utility SAX handler that comes with Python. It takes a stream of SAX events and serializes them to an XML document, observing all the necessary rules in the process..." Article includes the regular roundup of what's new in the Python/XML world. General references in "XML and Python."

[March 18, 2003] "Truth in Advertising. [XML-Deviant.]" By Kendall Grant Clark. From XML.com (March 12, 2003). ['Kendall Clark covers recent debate from the XML mailing lists in his XML-Deviant column this week, touching on the controversial subjects of subsetting XML, registries for namespaces, and problems with the XML-DEV list infrastructure itself.'] "In this week's column I will focus on two of the bread and butter issues of the XML development community: XML subsetting and XML namespace management. While both of these issues are among the permanent topics of conversation (that is, 'permathreads') on the XML-DEV mailing list, this time around there are some interesting wrinkles which make reviewing the conversations worthwhile. The subsetting issue, in particular, raises interesting questions about the degree to which a restricted XML profile makes sense in resource-constrained computing environments, as well as the best way to go about documenting and specifying such a subset... According to Elliotte Rusty Harold, Sun's J2ME Web Services Specification (JSR 172) proposes a subset of 'JAXP, XML, and SAX' which has several failings, not least of which is that it is 'not suitable for generic XML processing'. JSR 172 allows, Harold said, 'parsers to throw a SAXParseException when encountering a document type declaration, and to not support non-predefined entity references'. In Harold's estimation, this is a result of the decision taken by SOAP's architects to 'forbid the internal DTD subset'. The important points, it seems, to keep at the forefront in such instances are the ones about interoperability; namely, does subsetting XML hurt interoperability per se, does it matter who or what is employing the subset, does it matter what kind of subset is being used or proposed, and so on. The issue here seems not so much to be that Sun has proposed a subset of XML for use in resource-constrained applications such as mobile phones. Rather, the issue is the more serious one of calling a thing an XML parser when it complains at seeing a document type declaration; or, more to the point, of calling a document a specification of an XML parser which allows conformant implementations reject a document type declaration (2) 'Can the World Have a Namespace Registry?' - While a centralized registry for namespace prefixes may be an ideal solution (though it has technical detractors who make good points), any such registry must exist in the actual world, which is full of political currents and climates in which a registry would be at best tenuous and fragile. Those simply aren't good properties in centralized registries, which need to be bulletproof and tamper-resistant. Even a modest registry needs an operating budget, and a public registry needs regulation and oversight. Given the continuing morass of IT spending and global economies generally, it's not clear one could arrange public monies to fund it. And given the climates of deregulation and privatization to which St. Laurent alludes, it's not clear, if the monies were arranged, that competent and relevant oversight could be arranged..."

[March 18, 2003] "Microsoft Dips Toe in Choreography Waters. Software Giant Surprise Attendee at W3C Meeting." By Paul Krill. In InfoWorld (March 14, 2003). "Microsoft on Thursday [2003-03-13] participated in an industry effort to standardize Web services choreography. Despite initial indications that it would not attend, two Microsoft representatives attended the first meeting of the World Wide Web Consortium's (W3C) Web Services Choreography Working Group held Thursday and Friday at Oracle headquarters in Redwood Shores, Calif. , an Oracle representative said. Microsoft, in a prepared statement pertaining to its attendance, provided little detail on specific goals of its participation and confirmed it still will not formally join the campaign. 'We are interested in following and, when appropriate, participating in working groups. As such, we had two employees attend part of the meeting in order to understand its scope better. No decisions have been made regarding joining. Moving forward, Microsoft continues to stay actively involved on the many different fronts, with varying degrees of participation and input, relative to the standardization process,' the company said. Oracle's representative said that Microsoft is seeking a single standard that that finds a middle ground between the BPEL4WS (Business Process Execution Language for Web Services) specification, authored by Microsoft, IBM, and BEA Systems, and the Sun Microsystems-led WSC (Web Services Choreography Interface) specification. Microsoft wants to have the W3C effort complement BPEL4WS, according to Oracle. Web services choreography is intended to automate interaction between Web services and is considered critical to enabling the integration promise of Web services. Attending on behalf of Microsoft were Alan Brown, who serves as one of the company's W3C representatives, and Greg Meredith, who is in Microsoft's research organization, according to Oracle... Microsoft, IBM, and BEA have not formally submitted BPEL4WS to a standards organization for consideration, unlike WSCI, which is now being considered by W3C. Despite Microsoft's willingness to work with the W3C working group, BPEL4WS still is not being submitted to the organization, according to the Oracle representative. However, BPEL4WS is gaining industry support despite not being under the jurisdiction of any standards organization. It is being implemented in products from companies such as Collaxa and BEA, who are not including WSCI in their systems, despite BEA also being a co-author of WSCI. A Sun representative said it is still too early to see much WSCI support at the product level..." Related references: (1) "W3C Creates Web Services Choreography Working Group"; (2) "Web Service Choreography Interface (WSCI)"; (3) "Business Process Execution Language for Web Services (BPEL4WS)."

[March 17, 2003] "WSRP an Oasis for Portal Deployment." By David Rubinstein. In SD Times (March 17, 2003). "An industry specification for the consumption of Web services in portal front ends, as well as to standardize the way in which content providers write Web services for portals, is advancing through the OASIS standards group, with the technical committee finishing up its work sometime this month... The specification, Web Services for Remote Portals (WSRP), seeks to define a way for Web services to plug into portals, according to Thomas Schaeck, IBM Corp.'s architect of the WebSphere Portal Server and chairman of the OASIS technical committee. Some 25 companies are working through OASIS (www.oasis-open.org) on the effort. 'Perhaps you want to display weather information or stock quotes in a portal,' Schaeck said. 'You would need to write portlets to display each of these. Also, the portals themselves have different APIs, and content providers have to write seven or eight versions of the same portlet for each portal vendor.' Before this effort, he explained, special adapters had to be written to allow portlets to be compatible with numerous portals. Among the goals, Schaeck said, are creating directories of WSRP services that allow services to be plugged into portals without any coding needed, and to allow portals to publish portlets for use in other portals. 'WSRP will create a standard set of operations, and define how to use the operations in a certain order under the WSRP protocols.' Further, he explained, WSRP will establish markup fragment rules that must be adhered to for aggregation within a portal to maintain the correct look and feel. Definitions for HTML and XHTML are the first priority, with WML and Voice XML coming later on, according to a document provided by the OASIS WSRP technical committee. Kinzan Inc., which is on the OASIS committee working on WSRP and Web Services for Interactive Applications (WSIA), believes the standards will help define how a portlet installed in one server can be rendered in another without having to deploy it to the second server, according to director of product marketing James O'Leonard. WSRP also seeks to define how a service is published to a UDDI directory, where it can be found and bound into a portal, Schaeck said..." See: (1) the WSRP TC website; (2) "Web Services for Remote Portals (WSRP)."

[March 17, 2003] "Manage Users With JMS. Use JMS to Build a Unified User Management Framework Within Your Enterprise." By Amit Goel and David Marshall. In Java World (March 17, 2003). ['Many enterprises have a federated set of homegrown and purchased applications that store their own copies of user contact information. In this age of mergers and acquisitions, a company's multiple business units or departments often carry redundant user information. Although most applications only store information about a specific application's users, the same user information is frequently stored in multiple applications. To maintain consistency and avoid customer confusion, these copies should be regularly synchronized, and they can be a challenge to maintain. In this article, we describe a simple solution to this common problem of maintaining consistent user information across various business applications.'] "[To support customer and user profiles] most enterprises today use business applications like enterprise resource planning (ERP), customer relationship management (CRM), supply chain management (SCM), and some homegrown applications for e-commerce. A common communication infrastructure is required to maintain a synchronized list of user profile information among these diverse applications. Any system providing such an infrastructure must ensure that communication among these applications is reliable (even over unreliable networks) so that user information is not lost; user information is accurate and consistent within these applications; and the solution can scale well as new users and applications are added. Given these stringent requirements, protocols like HTTP, FTP, remote procedure call (RPC), and Remote Method Invocation (RMI) are ruled out. These are synchronous protocols, which, by definition, require an active physical connection between the client and server to function reliably. Certainly, a more robust solution is required. Messaging provides the ability for the client and server to operate asynchronously in a disconnected manner, just like email. At the same time, messaging systems like Java Message Service (JMS) offer native support for reliable, guaranteed message delivery. Clearly, if we can send user profile updates to interested applications via messages, we have a solution for our problem. This article presents a real-life, enterprise JMS example that integrates business applications in a simple, flexible, and guaranteed fashion. JMS links enterprise systems together through reliable messages, even over unreliable networks, and promotes decoupling and scalability of the system at the same time. XML's use is particularly important here, as it provides a standard data format for information exchange between heterogeneous systems. Although JMS was not designed specifically for carrying XML payloads, in practice, it provides an excellent means for transporting XML. Together, JMS and XML offer a viable solution for many enterprise integration problems..."

[March 17, 2003] "BEA Upgrades Java Software, All Versions 8.1. Company Presents Unified Platform." By Alan Zeichick. In SD Times Issue 074 (March 15, 2003). "BEA Systems Inc. [has announced] upgrades to its Java server software, focusing on selling the software as a unified, integrated platform, at its eWorld user conference in Orlando, Fla. The products affected include BEA's WebLogic application server, enterprise portal, integration server and the WebLogic Workshop development tool. As part of the upgrade plan, BEA has set all of the version numbers of these products to 8.1. BEA's integrated suite, WebLogic Platform, also is now called 8.1. According to Scott Dietzen, BEA's chief technology officer, the company is using the new product numbering to communicate interoperability. 'We want it all to have one release number. It's no good if people ask, "Does WebLogic Server 8.1 work with Portal 4.3, with Integration 2.7?" You need to unify on the single numbering scheme.' For the updated WebLogic Server, Dietzen said that the changes focus on performance, claiming that the app server is 30 percent faster than the previous 7.0.1 release, according to SPECj benchmarks run internally by BEA; SPECj is a J2EE application server benchmark... BEA also supports the nascent WS-Security and WS-Acknowledgement specifications with this version of WebLogic Server, according to Dietzen, but these work only between WebLogic implementations. Those specs define mechanisms for secure Web services, for 'once and only once' delivery of SOAP transmissions. Dietzen said the company's WebLogic Portal, an application that runs atop the J2EE app server, supports two Java Community Process specification proposals. JSR-168, Portlet Specification, defines a set of APIs for portal computing. JSR-170, Content Repository API, defines an implementation-independent means of accessing relational and nonrelational data sources. Both JSRs were introduced in February 2002, and neither has advanced toward a community or public review stage. BEA's WebLogic Integration Server, which also runs on the app server, now supports XQuery, a SQL-like XML-based query language that BEA submitted to the W3C, as well as BPEL, the Business Process Execution Language jointly defined by BEA, IBM and Microsoft in mid-2002..." See also "BEA Releases Web Services Specifications Supporting Asynchrony, Reliable Messaging, Metadata."

[March 17, 2003] "Actional Boosts Web Services Management. Console, Agent Technology Added to Platform." By Paul Krill. In InfoWorld (March 17, 2003). "Seeking to simplify the management of Web services-based business processes, Actional on Monday will unveil policy management software, agent technology, and an upgraded version of its services broker. The product portfolio is intended to minimize the impact of constant changes inherent in dynamic enterprise Web services environments, the company said. Actional is focusing on helping users visualize interdependencies in service networks, be aware of problems, predict the impact of changes, and respond to planned or unplanned changes... New to the company's portfolio is the Looking Glass console and server, which provides for centralized policy management and enables administrators to monitor complex service networks and improve performance. Network performance statistics and alerts are collected, service network interdependencies are identified, and users can predict the impact of planned service changes, enabling deployment of new applications and services without disrupting service availability, Actional said.. Looking Glass 'allows you to visualize the network' and see dependencies and relations, Phillips said. Actional Active Agents, meanwhile, are platform-specific agents that gather run-time statistics and monitor service activity based on policies defined in Looking Glass. The initial agent supports the Microsoft .Net platform; agents are planned for the BEA WebLogic Server and IBM WebSphere application servers. The company is upgrading its SOAPstation Web services broker. Version 4.0 of the product is an in-network component that manages interactions between applications that provide Web services and systems that consume them. New features include improved performance and integration with the Looking Glass server to enable a federated approach to policy distribution and deployment, according to Actional. The agent and broker can act together on network traffic to transform documents, change document destinations, and enforce security policy, according to Phillips..."

[March 14, 2003] "A Brief Introduction to XACML." A contribution from Sun Microsystems to the OASIS Extensible Access Control Markup Language TC. Last updated: March 14, 2003. Posted 2003-03-14 to the XACML TC mailing list by Anne Anderson (Sun Microsystems Laboratories, Burlington, MA, USA). Note from the contributor: "Sun Microsystems is contributing the attached document, taken from our Open Source implementation of XACML at SourceForge (http://sunxacml.sourceforge.net) to the OASIS XACML TC for possible use as the basis for an XACML Primer. This document itself might be appropriate as an interim Primer until a more extensive document can be prepared. Under OASIS IPR guidelines, the XACML TC is free to modify, extend, or otherwise prepare derivative works based on this document, so long as the derivative work contains the Sun Microsystems copyright notice." From the Introduction: "This web page provides a brief introduction to XACML. For more information about XACML, you should visit the OASIS XACML technical committee's web site. In a nutshell, XACML is a general-purpose access control policy language. This means that it provides a syntax (defined in XML) for managing access to resources... XACML is an OASIS standard that describes both a policy language and an access control decision request/response language (both written in XML). The policy language is used to describe general access control requirements, and has standard extension points for defining new functions, data types, combining logic, etc. The request/response language lets you form a query to ask whether or not a given action should be allowed, and interpret the result. The response always includes an answer about whether the request should be allowed using one of four values: Permit, Deny, Indeterminate (an error occurred or some required value was missing, so a decision cannot be made) or Not Applicable (the request can't be answered by this service). The typical setup is that someone wants to take some action on a resource. They will make a request to whatever actually protects that resource (like a filesystem or a web server), which is called a Policy Enforcement Point (PEP). The PEP will form a request based on the requester's attributes, the resource in question, the action, and other information pertaining to the request. The PEP will then send this request to a Policy Decision Point (PDP), which will look at the request and some policy that applies to the request, and come up with an answer about whether access should be granted. That answer is returned to the PEP, which can then allow or deny access to the requester. Note that the PEP and PDP might both be contained within a single application, or might be distributed across several servers. In addition to providing request/response and policy languages, XACML also provides the other pieces of this relationship, namely finding a policy that applies to a given request and evaluating the request against that policy to come up with a yes or no answer. There are many existing proprietary and application-specific languages for doing this kind of thing but XACML has several points in its favor..." Related references: (1) "Sun Microsystems Releases Open Source XACML Implementation for Access Control and Security"; (2) "XACML 1.0 Specification Set Approved as an OASIS Standard"; (3) general references in "Extensible Access Control Markup Language (XACML)."

[March 14, 2003] "Web Services: The Only Way to Make WiFi Good For Business?" By Peter Judge. In ZDNet News (March 14, 2003). "Iona has developed a Web service software that avoids problems caused by connecting to a corporate network from different Wi-Fi hot spots. Web services are the missing link to make Wi-Fi suitable for business use, according to integration specialist Iona, whose Mobile Orchestrator product featured at Intel's Centrino launch. Mobile computing using Wi-Fi is not good enough for business use until applications are shielded from the unreliability and insecurity of the wireless connection, according to Iona. The company has launched Mobile Orchestrator, a product designed to support distributed business processes across unreliable links... Mobile Orchestrator assumes a 'rich client' and handles interactions using the Web services standards such as SOAP, but running them over FTP, the Internet file transfer protocol, instead of HTTP, the Web protocol. 'SOAP over HTTP is not a reliable connection,' said O'Brien. 'Instead of a reply/request model, we have a store and forward model. This masks the distinction between being connected or not, and optimises the transfer of information.' 'FTP is reliable and secure,' said O'Brien. 'The transport for Web services does not have to be HTTP.' The implementation of SOAP over FTP, developed jointly by Intel and Iona, also checks the document size and the connection speed available to determine the practicality of what it is being asked to do. This lets it automate complex interactions with servers, and co-ordinate offline and online requests. Other transport standards could be used, such as the JMS Java messaging standard, said O'Brien. All this will not reach end users for a while, as Iona first has to persuade systems integrators and value added resellers to adopt the technology. In doing so, they will have to integrate it with workflow and other products. Standards may help here, although they are still being developed, said O'Brien. 'We use a business process language which is close to the BPEL standard being developed, and we will migrate to the eventual standard,' said O'Brien. He expected the BPEL standard to be ready in about six months, and Orchestrator to be in users' hands sooner than that..."

[March 14, 2003] "Web Services Security and More: The Global XML Web Services (GXA) Initiative." By Joseph Chiusano (Booz Allen Hamilton). Presentation prepared for the Conference on Open Source for National and Local eGovernment Programs in the U.S. and EU (March 17 - 19, 2003, Cafritz Conference Center, The George Washington University, Washington, DC, USA). 64 pages, from the slides. Overview of the published GXA specifications within the seven main areas of concentration. "The Global XML Web Services Architecture is an application-level protocol framework built on the foundation of XML and SOAP that is designed to provide a consistent model for building infrastructure-level protocols for Web services and applications. It defines a family of pluggable infrastructure protocols that provide applications with commonly needed services such as security, reliability, and multi-party agreement. The GXA specifications authored by Microsoft, IBM, Verisign, BEA Systems, RSA Security, and SAP. [It is motivated by a] growing need for consistent support of more secure Web services, especially at the levels of inter-enterprise trust, security, and business policy agreement..." See also the Microsoft GXA website with additional references.

[March 14, 2003] "2003 Dr. Dobb's Excellence in Programming Award." By Jonathan Erickson (DDJ Editor-in-chief). In Dr. Dobb's Journal #347 Volume 28, Issue 4 (April 2003), pages 16-17. Special Issue on Web Services. "For nearly a decade, Dr. Dobb's Journal has presented its Excellence in Programming Award to individuals who, in the spirit of innovation and cooperation, have made significant contributions to the advancement of software development... Don Chamberlin, this year's recipient, grew up in Silicon Valley before anyone had heard of that term. He received his bachelor's degree from Harvey Mudd College, and Ph.D. from Stanford, before joining IBM at T.J. Watson Research Center in New York. Don became interested in database software and studied the 'navigational' database languages of the day, including DBTG and IMS. Listening to a lecture by Dr. Edgar Codd, Don had a 'conversion experience' and understood the power and elegance of the relational data model. When IBM consolidated its database research in San Jose and undertook an industrial-strength implementation of Codd's ideas, Don was eager to participate. Don and his colleague, Ray Boyce, believed that programmers needed a new relational database language. The relational languages described by Codd lacked update capabilities, and relied on special symbols that were not found on a keyboard. With this in mind, Don and Ray proposed a keyword-based relational language called SEQUEL, short for 'Structured English Query Language.' SQL was adopted as an ANSI and ISO Standard language in 1986, and the Standard was updated in 1989, 1992, and 1999. SQL is now the world's most widely used database language... With the advent of personal computers, Don became interested in desktop publishing. He led an IBM research group that developed Quill, a document editor/formatter. Quill let users interact with either a logical or physical view of a document, and had specialized subeditors for text, graphics, tables, and mathematics. The logical view of the document was maintained using the Standard Generalized Markup Language (SGML), which gave Don his first introduction to markup languages... With the advent of the Web and rise of XML as a data interchange format, Don saw an opportunity to combine the two major threads of his research career -- database query languages and document markup languages. Don signed on as an IBM representative to the W3C working group on XML Query. Don joined with two other members of the XML Query working group, Jonathan Robie and Dana Florescu, to propose an XML query language called "Quilt". Quilt was chosen as the basis for development of the XQuery language, which is making its way toward adoption as a W3C Recommendation. Don continues to serve as a member of the XML Query working group and as an editor of the W3C working drafts on XQuery..."

[March 14, 2003] "C++WSP: A C++ Web Services Platform. A Native C++ Approach to Web Services." By Khushnood Naqvi and Yassar Sharaafath C.A. (Infosys Technologies Ltd). In Dr. Dobb's Journal #347 Volume 28, Issue 4 (April 2003), pages 18-26. Special Issue on Web Services, edited by Jonathan Erickson. Web services offer an open standards alternative to proprietary middleware. However, enabling existing systems with with web services requires both development and run-time support. To do it with C/C++ based systems, you typically have two options: (1) Java web services via Java requires JNI, which is not considered a robust means of integration; (2) .NET, which onlu works on Microsoft platforms. In this article, we propose a third option: our C++ Web Services platform (C++WSP). C++WSP quickly exposes existing C/C++ systems as web services, and it's more elegant than JNI while avoiding the platform limitations of .NET..." See also the listings and source code.

[March 13, 2003] "Web Services Faces Standards Snarl." By Martin LaMonica. In CNET News.com (March 13, 2003). "A group of software makers, led by IBM and Microsoft, announced a proposal to make Web services messaging more reliable, overlapping an earlier standards effort. IBM, Microsoft, BEA Systems and Tibco on Thursday published a protocol called WS-ReliableMessaging as well as a roadmap for future enhancements. IBM and Tibco both have a large number of customers for their reliable messaging software. The new effort follows the publication in January of another specification that covers essentially the same ground. That proposal, based on the WS-Reliability specification, was written by Oracle, Sun Microsystems, Hitachi, Fujitsu, NEC and Sonic Software. The proposal was submitted last month to the Organization for the Advancement of Structured Information Standards (OASIS), where a committee is set to consider its development... Now that IBM, Microsoft, Tibco and BEA have published WS-ReliableMessaging, they intend to consolidate their work with other standards efforts around reliable messaging. 'Ultimately, we'll want convergence,' said Karla Norsworthy, IBM's director of e-business technology. 'We and the rest of industry will be motivated to drive to a common solution.' IBM and Microsoft indicated that they had technical differences with the authors of the WS-Reliability specification. Unlike its competing proposal, WS-ReliableMessaging was designed to operate well with another Microsoft and IBM-backed Web services standard called WS-Security, Norsworthy said. If adopted, this reliable messaging specification would be able to act as a bridge between incompatible messaging products — something that Norsworthy said the WS-Reliability specification cannot do. The authors of WS-ReliableMessaging have not decided which standards body will act as the forum to settle differences between the two proposals. Norsworthy said she expects that decision to be made within six months. A related standard called WS-Addressing for gaining acknowledgement of a sent message will be part of the proposal..." See details in the news story: "New Web Services Specifications for Reliable Messaging and Addressing." Related references: (1) "OASIS Members Form Technical Committee for Web Services Reliable Messaging"; (2) "Reliable Messaging"; (3) "Web Services Addressing (WS-Addressing)."

[March 13, 2003] "IBM, Microsoft Team on Reliability Spec for Web Services." By John Fontana. In Network World (March 13, 2003). "IBM, Microsoft, BEA Systems and Tibco on Thursday released a pair of Web services specifications designed to answer questions about reliability that have been dogging the emerging technology. The announcement comes just two weeks after the Organization for the Advancement of Structured Information Standards formed its Web Services Reliable Messaging Technical Committee to work on an almost identical specification. IBM, Microsoft and their partners ignored a March 11 deadline to join that effort, which is being led by Fujitsu, Hitachi, Oracle, NEC, Sonic Software and Sun. Instead, IBM, Microsoft and their partners unveiled WS-ReliableMessaging, the same name used by OASIS, and WS-Addressing. The two protocols are designed to guarantee the delivery of messages between applications that may be separated by a number of intermediaries and distributed over a number of platforms. Each of the specifications is an extension to Simple Object Access Protocol (SOAP) and can be used over any transport technology, such as HTTP. The lack of standard protocols for reliability, security, management and business process workflow are the major inhibitors to corporate adoption of Web services technology for integrating systems across corporations... Microsoft and IBM's work on reliability for Web services is a continuation of the pair's push to develop industry standards to help enrich the platforms and tools they are developing to support Web services. Last April, the pair, along with VeriSign, introduced WS-Security, which is now on a standards track at OASIS. Then in August, the duo along with BEA Systems unveiled a specification for business process workflow called Business Process Execution Language for Web Services (BPEL4WS), which has yet to be submitted to a standards body. The pair's reliable messaging work follows the same pattern of releasing a specification independently and soliciting feedback before turning it over to a standards body. IBM and Microsoft did not say when that might happen, but they took just two months to turn WS-Security over to OASIS. The reliable messaging specifications, however, may overlap with work already underway at OASIS in its Web Services Reliable Messaging (WS-RM) technical committee. The scope of both specifications is almost identical..." See the news item.

[March 13, 2003] "IETF Problem Statement." Edited by Elwyn B. Davies (Nortel Networks). IETF Problem Statement, Internet Draft. Reference: 'draft-ietf-problem-issue-statement-00.txt'. February 24, 2003, expires August 25, 2003. "This memo summarizes perceived problems in the structure, function and processes of the Internet Engineering Task Force (IETF). We are attempting to identify these problems, so that they can be addressed and corrected by the IETF community. The problems have been digested and categorized from an extensive discussion which took place on the 'problem-statement' mailing list from November 2002 to February 2003. The problem list has been further analyzed by an editorial team, and is provided as input to the Problem Statement working group." [cache]

[March 13, 2003] "Web Services Choreography Group Kicks Off. W3C Panel to Hold First Meeting." By Paul Krill. In InfoWorld (March 13, 2003). "Officials from major technology companies will gather Wednesday to begin establishing a standard for Web services choreography, which is considered crucial to the growth of Web services usage for business processes. Representatives from vendors such as BEA Systems, Hewlett-Packard, Oracle, Sun Microsystems and Tibco will attend the initial meeting of the Web Services Choreography Working Group, formed by the World Wide Web Consortium (W3C) in January. The meeting is to be held at Oracle headquarters in Redwood Shores, Calif. Noticeably absent, however, will be representatives of IBM and Microsoft, according to Martin Chapman, co-chairman of the working group and Oracle's director of Web services strategy... The group will ponder potential choreography technologies such as Web Services Choreography Interface (WSCI), Business Process Specification Schema (BPSS) and Business Process Management Initiative (BPMI). Another specification, Business Process Execution Language for Web Services (BPEL4WS), from Microsoft, IBM and BEA, is not now being considered because it does not carry a royalty-free condition for its use, said group co-chairman Steve Ross-Talbot, who also is chief scientists at Enigmatec, in London . A royalty-free condition is considered crucial to ensuring adoption of a technology by W3C, so that specific vendors will not be due royalties for each implementation of a specification. While IBM and BEA have expressed intentions to allow their technologies to be used in BPEL4WS without royalties, Microsoft has made no such declaration. BPEL4WS is being deployed in upcoming products from vendors such as BEA and Collaxa..." See: (1) W3C Web Services Choreography Working Group; (2) "W3C Creates Web Services Choreography Working Group."

[March 13, 2003] "Collaxa Readies Web Services Tool. Software Backs IBM-Microsoft-BEA Specification." By Paul Krill. In InfoWorld (March 10, 2003). "Collaxa within two months plans to release a Web services deployment tool that utilizes the Business Process Execution Language for Web Services (BPEL4WS) specification backed by IBM, Microsoft, and BEA Systems. Collaxa Orchestration Server 2.0, which is now available in an evaluation release, is intended to enable developers to publish asynchronous and synchronous Web services and utilize them for transactional business flows, according to Redwood Shores, Calif.-based Collaxa. A console based on BPEL4WS provides for reporting, auditing, and debugging capabilities. The product offers the industry's first implementation of a BPEL4WS-based orchestration server, said Doron Sherman, Collaxa CTO. The primary intention of Orchestration Server is to develop reliable business flows using XML, Web services, and J2EE, Sherman said. The tool provides support for publishing asynchronous Web services and composing Web services for use in long-running business transactions, according to the company. 'Basically, an orchestration server coordinates Web services,' said Sherman . The product backs two proposed standards from IBM, Microsoft, and BEA: BPEL4WS and WS-Transaction. By supporting these, Collaxa can provide a standard way for developing business flows without having to utilize proprietary EAI mechanisms, Sherman said. Developers also do not need to build their own custom architecture, he added. BPEL4WS competes with a Sun-proposed specification, Web Services Choreography Interface (WSCI), although Sherman said there is not complete overlap. BPEL4WS supports both orchestration, for private implementations of interactions between Web services, and choreography, which serves as an external interface for Web services interactions, Sherman said. WSCI only covers choreography, he said. Collaxa anticipates BPEL4WS will become an industry standard, Sherman said. 'We believe IBM, Microsoft, and BEA [are] the industry heavyweights [and they have] the critical mass necessary for making BPEL4WS the de facto standard in the industry,' Sherman said..." General references in "Business Process Execution Language for Web Services (BPEL4WS)."

[March 13, 2003] "U.S. Navy Formalizes XML Management." By Dan Verton. In Computerworld (March 13, 2003). "In a move aimed at making it easier for systems to exchange information, the U.S. Department of the Navy this week announced the creation of its XML Business Standards Council (BSC), the first of four working-level groups that will form the basis for the service's first enterprisewide XML governance structure. Next Thursday, Navy CIO Dave Wennergren will preside over the kickoff meeting of the BSC, which was formed to promote the use of common data elements and objects that make it easier for systems to exchange information. The BCS will coordinate XML component usage within and across the Navy's 23 functional areas, which include human resources and finance, as well as among the Navy and other Pentagon organizations and federal agencies. The BSC will eventually be joined by three groups that will focus on addressing technical standards, policy procedures and training and education. Together they will form the core of the Navy's XML Governance Structure, overseeing XML specifications to support more than 500,000 Navy IT users around the world. The formation of the BCS comes two months after Wennergren issued the Navy's first official XML usage policy and one month after the naming of 23 functional namespace coordinators responsible for developing and managing Navy XML vocabularies. Navy officials said the formation of the BSC will ensure that the entire Navy -- one of the largest organizations to create an XML-focused business structure -- remains interoperable in the future... After studying the issue for a year, the Navy issued its formal usage policy, which Jacobs said provides comprehensive guidance on how to use existing specifications and calls for component reuse whenever possible. It also prohibits the use of proprietary extensions to industry specifications. 'The new policy urges commands to use the specifications from the W3C [World Wide Web Consortium] and other consortiums such as OASIS,' said Jacobs. OASIS is the Organization for the Advancement of Structured Information Standards, a Boston-based e-business standards consortium. 'And if there are conflicting specifications, the W3C takes precedence,' said Jacobs. 'We know there are reasons that developers might want to use other specifications, but for an enterprise that's trying to improve interoperability, that's just going to make it worse.' Patrick Gannon, president and CEO of OASIS, said the Navy's establishment of an XML BSC is a reflection of the Navy's commitment to working with private industry on standards development -- something the General Accounting Office last April criticized the government for not doing often enough. As a member of OASIS, 'the Navy is participating on multiple technical committees, they're developing new specifications, and they're using that activity to ... prevent duplicative efforts,' said Gannon. John Gilligan, CIO of the U.S. Air Force, applauded the Navy's efforts and said the Air Force is working on similar policies and procedures for the use of XML..." See also: (1) "DON Policy on the Use of Extensible Markup Language (XML) of December 2002" (December 13, 2002) and (2) "Navy Preps XML Policy. Policy Seeks to Drive Data Interoperability."

[March 13, 2003] "How Air Force Will Move to Web Services." By Susan M. Menke. In Government Computer News (March 12, 2003). "The Global Combat Support System will be 'one of the main projects using XML messaging' to connect 22 pipelines for supplies, transportation, maintenance and other functions, Sandra L. Swearingen of the Air Force Communications Agency said today. Swearingen, who spoke last month at a meeting of the CIO Council's Extensible Markup Language Working Group, works in the Enterprise Information Division at Scott Air Base, Ill. She said the division is helping Air Force organizations learn how to use XML. 'We haven't seen the Federal Enterprise Architecture yet, but from what we know it looks as if it will be compatible' with her division's efforts, she said. The division plans to use XML tags from the Defense Department's XML Registry in the GCSS strategy, she said, 'and we will submit any standard industry tags' that prove useful to the registry. Once the GCSS framework is interoperable, she said, users could log on once to access all the enterprise systems with permissions managed through the Lightweight Directory Access Protocol... The Simple Object Access Protocol is like a plug's prongs, which connect the appliance to the current through the outlet. But for current to flow properly, the appliance must speak a business language, such as that of the Open Applications Group's OAGIS 8.0 schema... Also at the XML Working Group meeting, PureEdge Solutions Inc. of Victoria, British Columbia, described how the Air Force is converting its 16,000 forms into displayable, fillable e-forms via XML and a PureEdge reader..." See also ASRL [Army Publishing Directorate (APD) Standard Generalized Markup Language (SGML)/Extensible Markup Language (XML) Registry and Library].

[March 11, 2003] "Introduction to the Liberty Alliance Identity Architecture." From the Liberty Alliance Project. Revision 1.0. March, 2003. 14 pages. Abstract: "This paper provides a brief overview of the Liberty Alliance's federated network identity management architecture. The Liberty Alliance's vision is one of a networked world in which individuals and businesses can more easily interact with one another, while respecting the privacy and security of shared identity information." From 'What is Identity?': "...The traits, attributes, and preferences that define individuals make up their identity, while the relationship of the individual with an entity determines which elements of the identity should be shared. This maintenance of privacy and identity control is paramount in the Internet world, yet users also demand ease-of-use and rapid access. What is the best way to balance the two needs? By establishing a federated network identity that links the various user identities together. A federated network identity delivers the benefit of simplified sign-on to users by granting rapid access to resources to which they have permission, but it does not require the user's personal information to be stored centrally. This increases security and delivers better identity control. With a federated network identity approach, users authenticate once and can retain control over how their personal information and preferences are used by the service providers. A federated network identity is also beneficial for businesses because it allows them to more easily conduct business transactions with authenticated employees, customers and partners. The group of service providers that share linked identities and have business agreements in place is known as a circle of trust. The attribute sharing policies within a circle of trust are typically based on the following: (1) A well-defined business agreement between the service providers; (2) Notification to the user of information being collected; (3) User granting consent for types of information collected; (4) Where appropriate, recording both notice and consent in an auditable fashion..." From the posting of Michael Barrett: "We are pleased to announce today the public availability of a white paper detailing the architecture for the Liberty Alliance work and specifications... The new identity architecture outlines the direction Liberty will follow to accomplish its vision of enabling a networked world in which individuals and businesses can more easily interact with one another while respecting the privacy and security of shared identity information. This document and the thinking behind it has already proven to be of great interest to the press and analyst community that has been briefed on our work, and we trust it will be equally interesting to you as you continue to explore the Liberty Alliance. This document and the roadmap for the Liberty Alliance will be a major item of discussion at the upcoming All Participant's Meeting for the Liberty Alliance to be held in San Francisco, April 14, 2003. If you haven't yet joined the Alliance but would like to start taking a more active role, this might be an opportune time for your organization to join. If you would like more information on Liberty Alliance membership please visit [the Liberty Alliance website]." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization." [cache]

[March 11, 2003] "OASIS Expands Scope of Web Services Management Work." By John Fontana. In Network World (March 11, 2003). "A standards body working on management specifications for Web services admitted on Monday that its original work did not go far enough, so it is regrouping and redefining its goals. The Organization for the Advancement of Structured Information Standards (OASIS) is mothballing its Management Protocol Technical Committee, which began last summer to devise a protocol for managing Web services, and has formed the Web Services Distributed Management (WSDM) Technical Committee. The new committee will not only continue to develop a specification that describes how to implement management using Web services, but will add to that work by defining how to manage Web services themselves. The OASIS group will incorporate management work being done in the World Wide Web Consortium's (W3C) Web Services Architecture Working Group, the Distributed Management Task Force (DMTF), and the Global Grid Forum. 'If we don't define management clearly and quickly, we'll have a piecemeal, proprietary implementation of management for Web services,' says Winston Bumpus, co-chair of the WSDM technical committee and director of standards for Novell. 'In a large, distributed environment, if each service is managed differently [the environment] will be difficult to deploy. It became clear to us in the original charter of the management protocol group that we needed to do more.' Management and security are two high-profile issues inhibiting the nirvana of Web services, which promise to integrate systems across corporate boundaries. Today, many network executives are waiting for those standards to be created and mature before considering the use of Web services outside of their networks or pilot programs. OASIS also is working on security specification for Web services, and that work will dovetail with the management efforts, says Bumpus. The new technical committee will define a specification and management model based on the Common Information Model from the Distributed Management Task Force, says Bumpus..." References in "OASIS Technical Committee Addresses Management of Web Services."

[March 10, 2003] "Navy Forms XML Groups." By Dawn S. Onley. In Government Computer News (March 10, 2003). "The Navy has adopted a formal structure to coordinate the implementation of Extensible Markup Language with the department's systems and applications. The XML Business Standards Council is one of four new groups that will make up the Department of Navy XML Governance Structure, according to a Navy press release. The other three groups will address technical standards, policy procedures, and training and education issues. The structure, consistent with a Navy XML policy issued last December, will 'coordinate XML component usage within and across functional areas, as well as between the Navy and other DOD entities and federal agencies,' the release said. The department has also designated 20 Functional Namespace Coordinators who will head divisions in the Navy, including personnel and logistics, for helping to develop XML vocabularies within their divisions and across the service..." See also: (1) "DON Policy on the Use of Extensible Markup Language (XML) of December 2002" (December 13, 2002) and (2) "Navy Preps XML Policy. Policy Seeks to Drive Data Interoperability."

[March 10, 2003] "OASIS Looks at Web Services Management. Technical Committee Joins With W3C, DMTF, sans Microsoft." By Paul Krill. In InfoWorld (March 10, 2003). "The newly formed OASIS Web Services Distributed Management (WSDM) Technical committee plans to work with the World Wide Web Consortium (W3C) and the Distributed Management Task Force (DMTF) as well as with other OASIS security and Web services concerns. OASIS will align its work with similar efforts at the other organizations. 'I think this is significant in that this new technical committee is going to focus on Web services, not only management using Web services but the management of Web services [themselves],' said Winston Bumpus, chairman of the committee and director of standards at Novell. The committee plans to base its work on the DMTF CIM (Common Information Model) and expand that model to include Web services, Bumpus said. The OASIS WSDM 1.0 specification is targeted for completion in January 2004. The new OASIS committee replaces the OASIS Management Protocol Technical Committee, which did not cover management of Web services. Among the participants in the WSDM committee are BMC Software, Computer Associates, Hewlett-Packard, Hitachi , IBM, Novell, Sun Microsystems, and webMethods..." See other references in "OASIS Technical Committee Addresses Management of Web Services."

[March 10, 2003] "Standards Group Tackles Web Services." By Martin LaMonica. In CNET News.com (March 10, 2003). "Hoping to accelerate the use of Web services, a standards group on Monday said it will create a technical committee to tackle the problem of managing Web services applications. The Web Services Distributed Management Technical Committee at the Organization for the Advancement of Structured Information Standards, or OASIS, will define methods to monitor the performance and security of Web services, the organization said. Web services is an umbrella term for a set of standards and techniques to build applications that can easily communicate... The committee will work with ongoing technical developments at other standards bodies, including the World Wide Web Consortium and the Distributed Management Task Force. Networking company Novell and IBM are co-chairs of the Web Services Distributed Management Technical Committee at OASIS. 'Just as security is a prime concern for our customers looking to deploy Web services, so too is the need to effectively manage those distributed Web services across their organizations,' Winston Bumpus, director of standards for Novell, said in a statement... The latest standardization efforts have focused on capabilities needed for more widespread Web services usage. OASIS said it has formed committees to shepherd the completion of standards around security, reliable messaging and structured business documents..." See details in "OASIS Technical Committee Addresses Management of Web Services."

[March 10, 2003] "Microsoft Delivers New Office Beta, Beta Includes One Note, InfoPath XML-Based Apps." By Ed Scannell. In InfoWorld (March 10, 2003). "With the second beta of Office 2003 expected to be doled out to a record 500,000 users on Monday, Microsoft continues its mission to broaden the suite's appeal to both corporate and mid-size companies by including three new XML-based applications. The new beta includes for the first time the company's One Note and InfoPath, both XML-laced applications that make it easier for users to create and access data between the two as well as among the other Office applications. The beta also features a collection of improved 'cross-application' features shared by all members of the desktop suite, including ink support, document and meeting workspaces, a research task pane, and Internet faxing. But how successful One Note and InfoPath will be in attracting new users or enticing existing ones to upgrade -- something Microsoft needs to do to keep the enormous Office revenue stream flowing -- remains to be seen, according to some industry observers. Some think many users may not want to climb the learning curve associated with InfoPath, a product that is more for IT administrators than desktop users... OneNote allows desktop, laptop, and Tablet PC users to capture and organize their notes, including handwritten notes. Company officials describe it as a 'staging area for preparing thoughts and ideas' before they are shared with others. Microsoft said last week that 30,000 users have already signed up for the beta. InfoPathuses XML to help desktop users pull a wide range of data together from all the Office applications into a single form that, in turn, can automatically update information among multiple applications. While both applications will be in beta two, company officials continued to say last week that they have not made a decision as to whether they will bundle them into the finished suite, which is expected to be delivered around mid-year... Another new application being included is the Business Contact Manager, an add-on product for Outlook that is being aimed largely at mid-size companies. The product is designed to help users manage business contacts and track sales opportunities... Along with delivery of the new Office beta, Microsoft will again attempt to get users and developers focused on what it is now calling Microsoft Office System 2003. This is a strategic concept that aims to tie tightly together Office 2003 and the upcoming Windows Server 2003 with a number of XML-based products and technologies, including Windows SharePoint, information rights management, and intelligent mail management. Office 2003 should play a particularly key role in this concept, given that a huge amount of corporate data still lives on and has access by desktop systems... Playing a part in crystallizing the vision of seamless interaction between server and client is the newly named Windows SharePoint Services, which will be built into Windows Server 2003. Through Windows SharePoint, Office 2003 users will be able to set up online server-based collaborative meetings, allowing multiple users to work on a single document at the same time, for instance..." See "Microsoft Ships Beta 2 Version of Microsoft Office System."

[March 10, 2003] "Microsoft Rebrands Office For Enterprises." By Joe Wilcox. In CNET News.com (March 09, 2003). "Microsoft on Monday plans to rebrand its flagship productivity suite as 'Office System,' in an attempt to reposition the software as a base on which businesses can custom-build products... As part of the rebranding, Microsoft is adding Office to the name of the individual applications. For example, Word 2003 would now be called Office Word 2003, or Outlook 2003 would be Office Outlook 2003. Office System represent the brand covering the whole family of products, which includes Office 2003, Publisher and Visio, among other desktop software. The change, along with widespread support for Extensible Markup Language (XML) throughout the suite, is part of a deliberate effort to focus less on individual applications and more on Office as a 'platform' for enterprise development, said Gartner analyst Michael Silver... The rebranding comes as Microsoft looks to give enterprises new reasons to upgrade Office versions, at a time when the software giant is its own worst competitor. Office accounts for more than 90 percent of the productivity suite market, according to analysts' estimates. But many businesses have been slow moving on the upgrades, typically skipping one version or more between upgrades... Office, along with Windows, is one of Microsoft's two flagship products. In the most recent quarter, Microsoft's Information Worker division, which is largely made up of Office, accounted for $2.4 billion of $8.5 billion in revenue, or about 28 percent. That figure is down from more than 40 percent of revenue a few years ago. If successful, Microsoft's branding strategy could help 'recharge Office sales,' Silver said. More than any other Office release, Microsoft has focused on turning the new suite into a single package that can act as a front end to existing customer relationship management (CRM) and enterprise resource planning (ERP) systems. New Office product InfoPath will anchor the CRM and ERP push, although analysts say that Microsoft will position the whole suite as the front end for these applications... Office's widespread use of XML is largely responsible for this front-end enterprise repositioning of Office, analysts say. Using XML, Microsoft wants to move to a more data-centric model, putting less emphasis on individual documents. 'Our focus on Office 2003 is data interchange,' said Jean Paoli, Microsoft's XML architect. 'For now, there is no difference between documents and data. We finally made those one in the same.' Businesses could use XML to move data throughout their enterprise, with Office as the front-end system. This is a potentially important move for Microsoft, since so much data is generated in Office. 'People think of putting data in a database, when 90 percent of their information is in a document,' Paoli said. XML would allow easier interchange of data generated in Office documents with back-end systems or existing Web services..." See:

[March 10, 2003] "BEA Eyes Standards Implementations. Third-Parties Back BEA at eWorld." By Paul Krill. In InfoWorld (March 10, 2003). "BEA Systems at its eWorld conference in Kissimmee, Fla. , [last] week took steps to promote two proposed standards for XML and Web services, including its own XMLBeans technology. The company also unveiled its WebLogic Platform 8.1 suite at the show and plans to standardize and make publicly available XMLBeans, which was announced in January. XMLBeans allow developers to access and manipulate XML information from within Java without having to make trade-offs between the XML data structure and forcing tedious coding to connect different programming languages, BEA said. An implementation of XMLBeans for public consumption is due in 2003. The company also will release a reference implementation of JSR (Java Specification Request) 181 [Web Services Metadata for the Java Platform], a Web services metadata proposal that defines how to use Java classes with declarative annotations to build enterprise-class Web services. A public draft of the standard is expected from the JSR expert group this summer, and a BEA plans to provide a reference implementation shortly afterward, according to the company... Blue Titan announced availability of Blue Titan Network Director for BEA WebLogic, a Web-services networking product for the WebLogic platform. The product provides enterprises with a unified control layer that brings security, reliability, and manageability to Web services, according to Blue Titan. Web-service events and notifications from Blue Titan can be accessed in WebLogic Portal. ComergentTechnologies announced a partnership with BEA in which the WebLogic Server and Integration products will be paired with the Comergent E-Business System for automating demand-chain business processes. The companies will jointly identify business opportunities. Separate from eWorld, Comergent announced industry-specific offerings based on Comergent E-Business System 6.3. New products include Comergent for Automotive, Comergent for Franchise, Comergent for High Tech/MicroElectronics, and Comergent for Industrial. SandCherryis partnering with BEA to offer speech and multimodal capabilities to businesses relying on WebLogic Server and Portal for customer service, workforce management, content and messaging applications. SandCherry'sSoftServer platform can provide applications with managed access to speech recognition, text-to-speech, and announcement components from vendors such as AT&T Labs, Elan, Nuance, SpeechWorks, and Telisma. The product enables delivery of audio components for voice and multimodal applications..." See: (1) "BEA First to Unify Application Development and Integration into a Single Software Environment. BEA WebLogic Workshop 8.1 Offers Breakthrough in Time to Value, Dramatically Increases Developer Productivity"; (2) "BEA Systems Drives Convergence of Application Integration and Application Development with BEA XMLBeans. Technology Innovation Revolutionizes Java and XML Interoperability and Increases Productivity for Java Developers."

[March 10, 2003] "Sun Signs Pact for UML Tool." By Michael W. Bucken. In Application Development Trends Volume 10, Number 3 (March 2003), page 9. "Sun Microsystems Inc. today disclosed plans to bundle a new version of the Describe UML modeling tool from Embarcadero Technologies with the SunONE Studio Integrated Development Environment. The non-exclusive pact follows an earlier joint development agreement that led to the creation of a SunONE version of the tool. Craig Keller, director of design and modeling tools at San Francisco-based Embarcadero, said the initial agreement calls for Sun to recommend the UML tool to customers, but to quickly begin distributing an evaluation CD of Describe with each shipment of the SunONE development tools. Keller said the new SunONE toolset is the first implementation of Release 6.0 of Describe, which he depicted as a fully rearchitected, UML-driven, integrated modeling development environment leveraging common standards and 'progressive' graphics. He noted that the new version also incorporates the UML 2.0 specifications set by the OMG standards body and supports the OMG's XML Metadata Interchange (XMI) standard. Implementations of the new version for IBM's WebSphere Studio and Borland Corp.'s JBuilder toolsets will ship soon, Keller said, though he would not disclose specific release dates..." See: (1) the announcement; (2) "XML Metadata Interchange (XMI)"; (3) "Conceptual Modeling and Markup Languages."

[March 10, 2003] "Principles of SOA." By Jason Bloomberg. In Application Development Trends Volume 10, Number 3 (March 2003), pages 22-26. "The Web services honeymoon is over. Numerous enterprises have built their Web services pilot projects and have proven to themselves that this most recent evolution of distributed computing technology can reduce integration and development costs substantially. In addition, critical Web services standards are falling into place, and vendors are coming to market with robust security and management products. It is time for forward-looking enterprises to take the next step. The next step for many companies is to move beyond simple point-to-point applications of Web services to a broad application of Web service technologies both within the enterprise and among business partners. This move requires an architectural change to loosely coupled, standards-based Service-Oriented Architectures. More than a new architectural approach, such architectures require a different perspective on the role of IT in the organization. The role of the service-oriented architect, therefore, is critical to the success of companies looking to achieve the substantial returns business agility can provide. Today's enterprise architect must understand the practice of Service-Oriented Architectures..."

[March 10, 2003] "B2B Comes Back On A Smaller Scale." By Colleen Frye. In Application Development Trends Volume 10, Number 3 (March 2003), pages 28-33. "B2B marketplaces or exchanges, where buyers and sellers come together to do business over the Internet, have morphed considerably since the heady dot-com days. It was a grand vision: Hosted, public exchanges would transact billions of dollars in e-commerce, streamline business processes, and cut costs out of the supply chain for both competitors and trading partners. That vision has now been scaled back, and business plans have been altered to better fit the needs of supply-chain management. And yet, while many public exchanges have gone out of business or consolidated, some consortia-run exchanges and, more significantly, private trading exchanges and B2B portals restricted to trusted business partners are successfully conducting business and gaining efficiencies in the supply chain..."

[March 07, 2003] "Sun Set to Release StarOffice Beta." By Peter Galli. In eWEEK (March 07, 2003). "Sun Microsystems Inc. will release the first beta of StarOffice 6.1 next week, further heating up the competitive war in the office desktop productivity market. News of the upcoming StarOffice 6.1 beta, which is focused on the corporate and enterprise customer, follows that from Corel Corp., which on Wednesday unveiled the first beta of WordPerfect Office 11, expected to be available in North America late next month... Sun's product line manager for StarOffice, Iyer Venkatesan, told eWEEK in an interview Thursday that the first StarOffice 6.1 beta will be available as a free download for the general public, but will be limited to 50,000 participants. 'We are screening participants in the first beta to make sure all the platforms and languages are fully represented. 'We have already had more than 10,000 pre-registrations for the beta and are also working with our current enterprise customers to participate in the program,' he said. The first beta program will run for about two months, followed by a second beta in early May that will be restricted to a handful of enterprise customers and a few public consumers. That program will also run for about two months, with the final release of the product slated for early fall. 'The 6.1 release is really an enterprise-focused release, and a lot of the feature-set is geared toward the larger corporate market as opposed to the consumer market. We have added accessibility to the product, which allows people with physical disabilities to use it. 'This will now help us promote the product with the U.S. government and its agencies, as it now meets the government requirement that all the products it standardizes and uses are accessible,' Venkatesan said. Sun is also working on a new set of configuration tools, the StarOffice Configuration Manager, to help system administrators and network administrators install, deploy and manage StarOffice across the enterprise. Sun will also release a software developer kit (SDK) for StarOffice 6.1, and will include a lot of new technologies to allow localization in regions with complex languages -- those, such as Hebrew, Hindi and Arabic, that require bidirectional text and complex text layouts..." See general references in "OpenOffice.org XML File Format."

[March 07, 2003] "Using Topic Maps to Extend Relational Databases." By Marc de Graauw. From XML.com (March 05, 2003). ['Marc de Graauw shows how to make databases more adaptable with Topic Maps.'] "Relational databases are great for storing structured data which conforms to a well-defined relational database schema. They are not so good at storing information that does not conform to such a schema. Since user requirements inevitably change, this means costly database upgrades. To avoid too many such upgrades, in a larger database one often sees provisions which allow users to add relevant information which does not fit nicely in the database schema. The lowest-level extension is a free-text field in a record which allows users to add textual data. Another common extension is the introduction of user-defined value lists. While such mechanisms are powerful, they are not standardized and do not easily allow the interchange of data. Topic Maps provide a very flexible and robust way to add arbitrary data to a relational databases at runtime. Moreover, Topic Maps come with a predefined exchange mechanism -- the XML Topic Maps (XTM) interchange syntax -- to allow data to be exported to XML... Topic Map paradigm provides a powerful way to add data to a relational database at runtime in a very flexible and powerful way. Topic Maps provide an excellent technique to overcome the natural limitations of relational databases: the constraining nature of the database schema. An added bonus is the ability to export the data as an XTM file, thus enabling interchange with other Topic Maps." The sample database with demo XTM generation code is available online. See general references in "(XML) Topic Maps."

[March 07, 2003] "The HyTime Topic Maps (HyTM) Syntax 1.0." By Martin Bryan. In (March 07, 2003). ISO/IEC JTC 1/SC34 Information Technology -- Document Description and Processing Languages. ISO 13250 Project deliverable for review and comment. March 08, 2003. Status: "A first stab at defining HyTm, still incomplete." Abstract: "This specification defines a HyTime Topic Maps 1.0 (HyTM) syntax for topic maps based on the use of SGML architectural forms defined in ISO 10744, the Hypermedia/Time-based Structuring Language (HyTime). The syntactical expressions in HyTM documents are constrained using HyTime architectural forms that can be used to identify element types and attributes used to generate topic maps, together with explanatory prose and comments, while their interpretation is defined using The Standard Application Model for Topic Maps (SAM). Note that this is only a syntax specification; what the syntax represents is defined by SAM. This specification replaces the original definitions of the architectural forms defined in ISO 13250:2002..." From the Introduction: "A HyTM topic map is a topic map that has been identified from a DTD conforming to the HyTM syntax that consists of a topicmap conformant element with descendants. A HyTM resource is a HyTime conformant SGML or XML document that contains one or more HyTM topic maps. In a process known as deserialization, each HyTM topic map is read by a topic map processor, which produces from it a representation of the Standard Application Model (SAM), by following a procedure equivalent to the one defined in Clause 3 of this specification. The deserialization procedure is defined as a transformation that takes an element item from the HyTime Property Set defined in the HyTM Grove Plan as input and produces a Standard Application Model instance as output. This specification does not concern itself with the means by which the HyTime Property Set used as input is produced. In most cases it will be produced by SGML architectural processing, but other possibilities are specifically allowed, including parsing an XML document, architectural processing based on W3C Schema abstract types or XSLT transformation from other XML syntaxes..."

[March 07, 2003] "Prototyping One-to-many Links with XSLT." By Bob DuCharme. From XML.com (March 05, 2003). ['Bob DuCharme explains how to use XSLT to prototype different representations of one-to-many links.'] "In the ongoing debate about the future of linking, a key topic is the representation of one-to-many links. There are several ways to implement them, mostly by using JavaScript code to create pop-up menus, but the only standard way to represent them is W3C XLink extended links, and these have not caught on. While reading Micah Dubinko's SkunkLink proposal, I noticed his nested a links and thought they were a nice, simple way to represent one-to-many links. Before telling people 'this is how XHTML should represent one-to-many links,' I thought it would be better to get a working prototype running. How could I turn nested a elements into working pop-up menus? With an XSLT stylesheet, of course. Because Internet Explorer and Mozilla can dynamically apply a stylesheet to an XML document when you ask them to display that document, it makes a particularly nice demo: you bring up the document that has nested a elements, and pop-up menus appear when you click on them. So I did it; though it doesn't work with all releases of all browsers on all platforms, about which more later. I originally thought that I'd explain how in this column, but I don't want anyone to think that I'm pushing nested a links as a general-purpose link architecture, or that the particular JavaScript library that I used is the best way to implement one-to-many links, or even that pop-up menus are the best UI for representing one-to-many links. My goal is to show that XSLT is a great way to demonstrate how to turn any link architecture into something that can demonstrate the value of that architecture..."

[March 07, 2003] "The Social Meaning of RDF." By Kendall Grant Clark. From XML.com (March 05, 2003). ['The W3C is about to undertake a discussion of what the social meaning of RDF is -- what the real world import is of an RDF statement. Kendall Clark previews the debate and recent related discussion.'] "RDF is frequently described as a tool for representing knowledge, but therein lies a hornet's nest of deeply conceptual questions, better left undisturbed if you can help it. Sometimes, however, the hornet's nest has to be overturned because it is necessary to address the deep conceptual questions directly. The formal blessing of RDF specifications, especially 'RDF Concepts and Abstract Syntax', is a case in point. In what remains of this column, I review some of the vigorous debate surrounding one troublesome section of this document, section 4... there remain significant issues to be resolved before RDF Concepts progresses in the W3C recommendation process. There are at least two different kinds of difficulty. First, these issues (knowledge representation, the relation of formal and social systems, the meaning of meaning, and so on) are simply very difficult. If they were easy, we would have had something like RDF a long time ago, or at the least there would be even more unemployed philosophers and logicians around. Second, these issues cut across areas internal to the institutional politics of the W3C and its constitutents..." See W3C Social Meaning Discussion - Agenda. General references in "Resource Description Framework (RDF)."

[March 07, 2003] "Web-Services Policy Language Use-Cases and Requirements." Edited by Tim Moses (Entrust) Contributors: Anne Anderson (Sun Microsystems) and Simon Godik (Overxeer). Produced by members of the OASIS Extensible Access Control Markup Language TC. Committee Working draft version 01. 7-March-2003. Document identifier: wd-xacml-wspl-use-cases-01.doc 19 pages. A first draft of the WSPL use-cases document, posted by Tim Moses (Entrust) to the OASIS TC mailing list. Abstract: "This working draft defines use-cases for negotiating a variety of forms of policy in the Web-services architecture. Its purpose is to identify the policy requirements of the Web-services application domain and the shortcomings of XACML when applied to that domain." From the Introduction: "XACML is potentially well suited to serve the policy needs of the Web-services application domain. This document explores the requirements for XACML when used in that domain, in order to identify XACML's shortcomings. Several aspects of policy are considered, including: cryptographic-security policy, authentication policy, authorization policy, privacy policy, reliable-messaging policy and transaction policy..." Related references: (1) XACML 1.0 Specification Set Approved as an OASIS Standard; (2) "Extensible Access Control Markup Language (XACML)." [cache .DOC, source]

[March 07, 2003] "Web Services Description Language (WSDL) Version 1.2." Edited by Roberto Chinnici (Sun Microsystems), Martin Gudgin (Microsoft), Jean-Jacques Moreau (Canon), and Sanjiva Weerawarana (IBM Research). W3C Working Draft 3-March-2003. Version URL: http://www.w3.org/TR/2003/WD-wsdl12-20030303. Latest version URL: http://www.w3.org/TR/wsdl12. Change log. Produced by members of the Web Services Description Working Group as part of the W3C Web Services Activity. See the archives for the public comment list and discussion list. Document also available in non-normative formats PDF and XML. "Web Services Description Language (WSDL) provides a model and an XML format for describing Web services. WSDL enables one to separate the description of the abstract functionality offered by a service from concrete details of a service description such as 'how' and 'where' that functionality is offered. This specification defines a language for describing the abstract functionality of a service as well as a framework for describing the concrete details of a service description. The companion specification, WSDL Version 1.2: Bindings defines a language for describing such concrete details for SOAP 1.2 (SOAP 1.2 Part 1: Messaging Framework), HTTP (IETF RFC 2616) and MIME (IETF RFC 2045). WSDL describes Web services starting with the messages that are exchanged between the service provider and requestor. The messages themselves are described abstractly and then bound to a concrete network protocol and message format. A message consists of a collection of typed data items. An exchange of messages between the service provider and requestor are described as an operation. A collection of operations is called a port type. A service contains a collection of ports, where each port is an implementation of a portType, which includes all the concrete details needed to interact with the service..." General references in "Web Services Description Language (WSDL)."

[March 07, 2003] "Web Standards Burnout Decried. Industry Panel Predicts Return to Core Internet Values." By Paul Krill. In InfoWorld (March 07, 2003). "Over-standardization, royalty-free standards, and browser wars were on the minds of industry dignitaries serving on a panel discussing the future of the Web at the XML Web Services One conference here on Thursday. Panelists from consulting services, Sun Microsystems, and Layer 7 Technologies covered these and other issues. 'The Web has become synonymous with the Internet, but I think we're going to see a return to the original diversity' of the Internet, minus command line interfaces, said Jeff Suttor, staff engineer for Web technologies and standards in the Java Web services group at Santa Clara, Calif.-based Sun Microsystems. Suttor had strong feelings about the proliferation of Web standards and royalty-free standardization. 'I think we're suffering from standards burnout,' and Suttor. 'The problem that I've seen with standards is it's such a good idea that everybody has one,' he said. Suttor joked that there are no more alphabet combinations left for acronyms to represent new standards. He also urged that standards be derived from a community-oriented process and not be imposed in a top-down fashion. Suttor stressed that standards must be royalty-free, echoing the recent sentiments of other Sun officials. 'When I go for a cup of water, I'm willing to pay for the water. I am not willing to pay for a proprietary patent on using a cylindrical device' to hold the water, said Suttor... Panelists also debated the direction of browsers. 'We really need XML browsers rather than Web browsers,' Freeman said. Sun's Suttor criticized the use of Internet-sniffing technology to steer users toward a specific browser that may not be of their choosing... 'In the future, the Web is going to escape the browser, and I think that's going to be a very good thing,' Suttor said. Although panelists debated the merits of the Mozilla browser, TouficBoubez, CTO at Vancouver, British Columbia-based Layer 7 Technologies, said he believed the browser war was over..."

[March 07, 2003] "XML for Data: Reuse It Or Lose It. XML Reuse in the Enterprise." By Kevin Williams (CEO, Blue Oxide Technologies, LLC). From IBM developerWorks, XML zone. March 2003. ['One of the great features of XML is that you can easily reuse your designs all the way down to the component level. In this first installment of a three-part series, columnist Kevin Williams provides an overview of XML reuse in enterprise-level solutions, with examples in both XML and XML Schema. You can share your thoughts on this article with the author and other readers in the accompanying discussion forum.'] "In enterprise-level solutions, one of the most challenging problems facing XML designers is how to design structures that can be reused. In this column, I take a look at some of the historical approaches to reusing serialized data, and then show how XML allows you to break from tradition and take a more flexible approach to your document designs... I look at how you can reuse XML designs not only at the document level, but also down to the component level. I show you advantages of this component-level reuse, and how it can simplify code and shorten development cycles. In the next column, I'll identify the different types of reusable components in XML document designs and show you some practical examples of each..."

[March 07, 2003] "Peek Into the Future of XSLT 2.0." By Charles White (The Tumeric Partnership). From DevX.com (March 04, 2003). ['XSLT 2.0 provides powerful new features that XSLT 1.0 was missing. Although XSLT 2.0 is still under development, Mike Kay's Saxon 7 implementation lets you experiment with the new capabilities now.'] "XSLT is beginning to take root into a large base across the enterprise. So what happens? Just as developers begin to get comfortable with XSLT, XSLT 2.0 and XPath 2.0 begin to creep up on them from around the corner. And it's fair to say that XSLT 2.0 is not your mother's XSLT. In fact, XSLT 2.0, XPath 2.0, and XQuery are now so interconnected that if you master one, you can easily master them all. So when you're done with this article, make a note to yourself to study XPath 2.0 when it receives formal recommendation status as a standard from the W3C. This article will introduce you to some of the most interesting core concepts of XSLT 2.0 and its companion, XPath 2.0. While it doesn't cover all the changes to these languages, it will introduce you to the most interesting new features. The brief example at the end of this article may help to tie some of this information together. Like its predecessor XSLT 2.0 relies heavily on XPath (now XPath 2.0) for many of its core features. XPath 2.0 is itself intertwined with yet another emerging standard, XQuery 1.0, which relies on XPath 2.0 so much that after mastering XPath 2.0 you'll have a pretty good idea how XQuery works. It's important to note though that XSLT 2.0 does not rely on XQuery. XQuery is a language for querying XML documents and is already finding substantial support in most of the native XML databases such as XIndice, Ipedo, XHive, and others. In addition, both Microsoft and Oracle plan to support XQuery in their next major releases, which will have native XML database capabilities. Eric Brown, Microsoft's Product Manager for SQL Server, says that the next release of SQL Server, code-named Yukon, will support the following XML features: (1) Native XML Storage, (2) XQuery Support, (3) Cross domain querying between relational and XML data. Some developers are even suggesting that XQuery will supplant XSLT as the primary XML processing language. Other than their common bond to XPath, however, there is no direct relationship between XSLT 2.0 and XQuery... In XSLT 1.0 (and XPath 1.0), there were four kinds of data types: Strings, Booleans, Node-sets, and Numbers. Node-sets, of course, contain nodes, which in turn contain some properties. There are seven types of nodes, the document, element, attribute, text, namespace, processing instruction, and comment nodes. XPath 2.0 has a much richer data model. At the very top of the list is the sequence, which in addition to nodes can consist of XML Schema Language simple types such as xs:int or xs:date, and is equivalent to an ordered list. The addition of XML Schema data types is the biggest change. There are 16 simple data types available through Schema, and XQuery provides for functional access to all of them..." See related resources in "Extensible Stylesheet Language (XSL/XSLT)."

[March 07, 2003] "Web Services in Serious Jeopardy. [Reality Check.]" By David Berlind. In ZDNet Tech Update (March 06, 2003). Includes sections: 'BPEL4WS vs. WSCI' and 'Penchant for patents?'. "APIs are the basis of Web services. Microsoft and IBM played a critical role in making sure that the first Web services protocol necessary to get the ball rolling -- the Simple Object Access Protocol (SOAP) -- was compatible with both of their solutions. Sure, the promise of interoperability and cost savings via Web services is intriguing to IT shops. But the vendors have another motive in establishing a standard set of insulating APIs. Creating a more level playing field in the cost of switching vendors is less hazardous, and potentially favors those companies with the most market clout... Unfortunately for the vendors who want to steal each other's customers and the customers who want to benefit from that war, there's a small problem. And, if the problem is not resolved soon, the entire Web services plan could end up being scuttled. The bandeleros, whose assistance is imperative, were on board with the preliminary plans -- the first few Web services APIs (XML, SOAP, WSDL, etc.). Those basic APIs are essential for dissimilar systems to hold hands, but another set of APIs is essential to making sure that those systems can go to the next level -- dance. In particular, to the extent that multiple systems are involved in the processing of a transaction or series of transactions, the order of execution of every step is imperative, as is the application's response if one of those steps fails. Whereas enterprise databases have long been capable of tracking transactions and rolling back data to its pre-transaction state should an error occur, choreographing a business process that involves multiple dissimilar systems, and then building in a similar degree of fault tolerance, is far more complex. These dissimilar systems -- dance partners, if you will -- would need a common API if the dance were to result in an award-winning performance (successful transaction execution or roll-back) each and every time. It is this API and the current disagreement over it that is threatening the future of Web services. In one corner is the Business Process Execution Language for Web Services (BPEL4WS, but most often pronounced 'bee-pell'). BPEL4WS is a business process and choreography API that was co-authored by IBM, Microsoft and BEA. Although it is completely proprietary and hasn't even been submitted to a standards-setting body, all three companies already have plans to support the specification in their solutions as though it were a standard. At the very least, IBM and Microsoft will be able to continue focusing on picking off each other's customers as well as BEA's. Unfortunately, while the three companies steam forward on BPEL4WS, the rest of the world is standing in the other corner with a competing specification -- the Web Services Choreography Interface (WSCI, pronounced 'whiskey). Unlike BPEL4WS, WSCI has taken the first step towards standardization through a submission to the World Wide Web Consortium (W3C)... Let's suppose that BPEL4WS becomes the de facto standard, by virtue of BEA's, Microsoft's, and IBM's support for BPEL4WS in their application servers, which happen to be the application server market's three leading products. The three intellectual property owners would be in the driver's seat not only when it comes to Web services, but for a portion of the Web itself. It will be exactly the scenario that I've warned about, where the intellectual property owners of one critical protocol could end up in control of an important part of the Internet. At the very least, if you end up being seduced by the promise of standards by using the two Web services protocols (SOAP and WSDL) that IBM and Microsoft shoved down the W3C's throat, it may not be long until you find out that your investment in open standards has locked you into using a proprietary technology. As I have posited before, following a path where you eventually find yourself locked into a proprietary technology puts the intellectual property owner in control of a lot of things, including cost..." Related references: (1) "Business Process Execution Language for Web Services (BPEL4WS)"; (2) "Web Service Choreography Interface (WSCI)"; (3) "Patents and Open Standards."

[March 07, 2003] "Has Jeff Bezos Patented E-Mail Discussion Groups?" By Cade Metz. In PC Magazine (March 05, 2003). "First he received a patent for 1-Click e-commerce. Now he has one for e-mail discussion groups. Last Tuesday, February, 25, the US Patent and Trademark Office issued a new patent to Jeff Bezos, the CEO of online retailer Amazon.com, granting him exclusive rights to 'a method and system for conducting an electronic discussion relating to a topic.' As was the case when he and three other Amazon executives patented the company's 1-Click ordering system, Bezos has gained control of a technology that may not seem particularly innovative to the everyday Internet user. The system described in the patent works a lot like the software available at Yahoo! Groups, CoolList, Topica, and myriad other Web sites. You could even argue that it operates on the same principle as the mailing list servers, or listservs, that have been around since the mid-eighties. Basically, it lets several people hold a discussion over e-mail. One person uses the system to set up a discussion group that others join. Participants then use the system to broadcast messages to the rest of the group. As each message goes out, the system tacks on an organized history of previous messages..." [United States Patent #6,525,747. February 25, 2003 (application filed August 2, 1999). Granted to Jeffrey P. Bezos, Seattle, WA. "Method and system for conducting a discussion relating to an item: A method and system for conducting an electronic discussion relating to a topic. The discussion system of the present invention receives a selection of an item that is to be the topic of the discussion. The discussion system then receives comments relating to the selected item and generates a message that includes a description of the selected item and the received comments. The discussion system then sends the generated message to participants of the discussion. The discussion system receives from a participant who received the generated message additional comments that are to be added to the generated message. The discussion system sends the generated message along with received additional comments to the participants of the discussion."]

[March 07, 2003] "Sybase Releases New Version of PowerBuilder. Features Aim to Make Life Easier for Developers." By Agam Shah. In InfoWorld (March 06, 2003). "PowerBuilder 9.0 will include RAD JavaServer Page Targets, which will allow the development and deployment of JSP Web applications through wizards and other RAD tools, said Dave Fish, principal systems consultant at Sybase. The software will also contain improved capabilities for building Web services, said Fish. After developers point to a .Net or J2EE (Java 2 Enterprise Edition) WSDL (Web Services Description Language) file, PowerBuilder will detect the relevant Web services and ports, and generate the object code to access the Web services described in the WSDL file, said Fish. PowerBuilder 9.0 will also include XML DataWindow, which will allow developers to import data directly from XML (extensible markup language) documents or as a document using XSL Formatting Objects (Extensible Stylesheet Language-FO) syntax or PDF (Portable Document Format), said Fish. In conjunction with third-party tools, XSL-FO makes it possible to import data into PowerBuilder from third-party applications such as Microsoft Word, he said..." See details in the announcement: "Sybase PowerBuilder 9.0 Available. Open IDE Powers Rapid Application Development Across Leading Technologies, with Support for XML, JSP, EJB, .NET and Web Services."

[March 06, 2003] "GSA, DOD Sign On to Liberty Alliance." By Joab Jackson. In Government Computer News (March 06, 2003). "The Department of Defense and the General Services Administration have joined Liberty Alliance, a network identity standards organization. The consortium -- whose members include EDS, Lockheed Martin Corp., Sun Microsystems, MasterCard Inc. and VeriSign -- hopes the government's involvement will help set the standard for large-scale digital authentication and identity management. 'Identity management is becoming ... more relevant as an increasing number of transactions and relationships move online,' said Michael Barrett, president of the Liberty Alliance Management Board. While identity solutions exist in the marketplace, the alliance is creating a common language, or specifications, that will allow the solutions to work in a similar way, paving the way for government bodies to simplify electronic services to a large numbers of citizens, workers and businesses, said Simon Nicholson, head of the business and marketing expert group for the alliance. The GSA is looking at alliance specifications as a way to implement authentication services across the Internet as part of its eAuthentication initiative, one of the 25 e-government projects. This initiative will develop a way to verify the identities of citizens and businesses doing business with the government online. The Defense Department's Defense Manpower Data Center is looking at the specifications for help in maintaining its automated power, personnel, training and financial databases... The signing of the two agencies also represents a major victory for the Liberty Alliance, started in July, 2002, as Microsoft Corp., Redmond, Wash., is rolling out its own identity management service, called Passport. 'We recognized that no one supplier could set the standards and that identity, security and privacy are all key to seeking what we want to offer on the Web. So participation by the GSA and DoD is further evidence that we're agreeing that we all need to work with each other,' [Simon] Nicholson said..." Further references in the news story U.S. Government Agencies Join Liberty Alliance to Support Digital Identity Standards."

[March 06, 2003] "Key Agencies Join Digital ID Alliance." By Rutrell Yasin. In Federal Computer Week (March 5, 2003). "The General Services Administration and the Defense Department's Defense Manpower Data Center have joined the Liberty Alliance Project... Whether GSA's membership will help advance the government's e-Authentication services remains to be seen, said Steve Timchak, GSA's program manager for e-Authentication, which is one of the 24 e-government initiatives in the President's Management Agenda. However, GSA officials want to play a key role in the alliance. 'We want to influence future releases of specifications' by providing policy and technical expertise, he said. GSA joined the alliance because 'industry and government have the same concerns addressing identity management,' Timchak said. These mutual concerns include issues such as single sign-on where an individual logs on to a network once and has access to multiple services he or she is authorized to use, as well as the management of user credentials across multiple systems. The Defense Manpower Data Center joined the Liberty Alliance because it is involved in several projects in which there is a need for secure digital identity, according to agency officials. The center collects and maintains critical information for DOD, including automated power, personnel, training and financial databases. By joining the Liberty Alliance Project, the center and GSA will work with corporations such as American Express Co., America Online Inc., General Motors Corp., Hewlett-Packard Co., MasterCard International Inc., RSA Security Inc. and Sun Microsystems Inc. to develop specifications for a federated network identity model..." See references in U.S. Government Agencies Join Liberty Alliance to Support Digital Identity Standards."

[March 06, 2003] "Welcome to Web Services." By Edd Dumbill. From XML.com Web Services (March 04, 2003). ['XML.com is launching a Web Services site'] "At XML.com we have a long history of being interested in what happens when interoperability between computing systems becomes a reality... Almost four years on, the world of web services, as we now know them, is not so different. A broad and sometimes confusing array of standards competes for mindshare among developers. These are inspired by, and influence, a variety of philosophical approaches as to how web services should be implemented, from SOAP through REST to the Semantic Web. Similarly, diverse XML vocabulary frameworks for exchanging data continue to grow and stabilize, providing a foundation for more complex interaction patterns between online applications... Here at XML.com we wanted to give room to the exploration and coverage of web services, moving outside the scope of purely XML-related matters. So we're launching our Web Services site, with the brief of examining the infrastructure, application, and fun of web services. As with XML.com, we'll bring our own independent voice to the area. We'll seek out innovation and controversy as well as the mainstream... The editorial team is always ready to hear your opinions on what you would like to see covered in the future on the O'Reilly Webservices.xml.com web site... If you're involved with web services in any way, you should consider contributing to the site. We are looking for articles on but not limited to the following topics: (1) Programming web services: .NET, Java, Perl, Python, Apache, etc. (2) Web services standards: SOAP, WSDL, WS-*, BEEP, HTTP, etc. (3) Security, identity, instant messaging, mobile web services. (4) Using public web services: taking advantage of Google, Amazon, etc. (5) Fun, guerrilla, and grassroots applications of web services..." Contact Edd Dumbill.

[March 06, 2003] "Corel To Beat Microsoft Office To Market." By Gregg Keizer. In InformationWeek (March 05, 2003). ['The Canadian vendor plans to ship its WordPerfect Office 11 by the end of April, months before Office 2003 is ready.'] "Corel will beat Microsoft to market with its next office suite, the Canadian company said Wednesday as it revealed that it will ship Corel WordPerfect Office 11 by the end of April, months before Microsoft has its Office 2003 suite ready for prime time. WordPerfect Office 11, which, like Microsoft's Office 2003, is in beta testing, will include the core applications of WordPerfect, Quattro Pro, and Presentations. A professional version will also bundle the Paradox relational database. Although WordPerfect is a distant second to Microsoft in the office-suite market--analysts peg Microsoft's share in the upper 90s--Corel keeps trying to wean users from the software. This year's WordPerfect Office 'is significantly cheaper than Microsoft Office'... [Corel's] Lowe also stressed the differences between Corel's and Microsoft's licensing agreements--important distinctions for businesses. Corel doesn't charge an annual subscription fee to upgrade the suite, Lowe points out, and an enterprise license lets employees also install the suite on their at-home machines. Corel's suite will feature new tools in document collaboration, including a review function that links to Microsoft Outlook for routing WordPerfect documents and a mapping tool that lets users view and navigate long documents. A new customization feature lets users revert to the ancient DOS-style interface of WordPerfect 5.1, blue screen and all. All the applications in the suite sport enhanced skills for publishing documents to XML format--WordPerfect offered up XML format conversions before Microsoft's Office did--and the word processor and presentation maker can both publish to the PDF format, something Microsoft's Office doesn't yet offer. The publish-to-PDF feature has been updated to comply with Abode Acrobat 5.0. File formats for the suite's application remain backward-compatible, and a new batch-conversion tool can translate multiple documents from a variety of formats, including Microsoft Word and RTF. An enhanced legal toolbar adds features from WordPerfect Law Office Editions, including the Pleading Wizard, a concordance macro tool, and a publish-to-Edgar (the Securities and Exchange Commission filings online database) function. WordPerfect has long had its best success in the legal arena. Other changes to the suite include tighter integration between the WordPerfect word processor and Microsoft's Outlook address book, a Reveal Codes printing function that highlights formatting attributes in printed documents, and a revamped XML editor..."

[March 06, 2003] "Web Services Security, Part 1." By Bilal Siddiqui. From XML.com Web Services (March 04, 2003). "This is the first of a four part series of articles that will examine issues related to web services security. The goal is to explain and demonstrate the use of emerging XML-based security standards from W3C and OASIS. The series will help developers understand: (1) the security requirements of web service applications; (2) how the different standards fulfill the different security requirements; (3) how the different security standards are related to each other; and (4) how they coordinate to form modules of the entire web services security architecture. This first article in the series explains the need for XML-based security standards. The topic of web services security will be addressed from the ground up in this article, starting first by looking at the scenarios in which web services are finding use. The XML Signature specification is a joint effort of W3C and IETF. It aims to provide data integrity and authentication (both message and signer authentication) features, wrapped inside XML format. W3C's XML Encryption specification addresses the issue of data confidentiality using encryption techniques. Encrypted data is wrapped inside XML tags defined by the XML Encryption specification. WS-Security from OASIS defines the mechanism for including integrity, confidentiality, and single message authentication features within a SOAP message. WS-Security makes use of the XML Signature and XML Encryption specifications and defines how to include digital signatures, message digests, and encrypted data in a SOAP message. Security Assertion Markup Language (SAML) from OASIS provides a means for partner applications to share user authentication and authorization information. This is essentially the single sign-on (SSO) feature being offered by all major vendors in their e-commerce products. In the absence of any standard protocol on sharing authentication information, vendors normally use cookies in HTTP communication to implement SSO. With the advent of SAML, this same data can be wrapped inside XML in a standard way, so that cookies are not needed and interoperable SSO can be achieved. eXtensible Access Control Markup Language (XACML) presented by OASIS lets you express your authorization and access policies in XML. XACML defines a vocabulary to specify subjects, rights, objects, and conditions -- the essential bits of all authorization policies in today's e-commerce applications. The next article in this series will discuss the syntax of the XML Signature and XML Encryption specifications and how WS-Security uses them..." See general references in "Security, Privacy, and Personalization."

[March 06, 2003] "IBM Eyes Services Provisioning Role for Websphere. Apps Platform Providing Integration." By Paul Krill. In InfoWorld (March 06, 2003). "IBM envisions its WebSphere application platform serving increasingly as a focal point for services provisioning. Already in place to a degree, the Service Integration Bus paradigm anticipated by IBM will understand multiple protocols, in addition to SOAP and Web services. 'We want to go into services-oriented architectures across the enterprise, and that goes way beyond [protocols such as SOAP],' said Andre Tost, solutions architect in the IBM WebSphere Business Development organization, during a presentation at the XML Web Services One conference here on Wednesday. The Service Integration Bus would integrate applications such as portals, b-to-b interactions, Web services, and existing applications and feature a common run-time environment. JCA (Java Connector Architecture) connectors would talk to mainframes and systems such as SAP implementations, Tost said. Additionally, IBM's Web services vision for WebSphere features client- and server-side buses, using Web Services Invocation Framework and an attendant API... Also at the conference, a company official made reference to a technology called Business Process Execution Language for Web Services Java Run Time (BPWS4J), which is an internal implementation of the Business Process Execution Language for Web Services (BPEL4WS) specification proposed by IBM, Microsoft, and BEA Systems last year. BPWS4J serves as a platform for implementing business processes written using BPEL4WS, which is intended to provide for coordination of business processes, said the official, Doug Tidwell, senior programmer and an evangelist in the IBM developerWorks organization..."

[March 06, 2003] "Thinking about Implementing a Web Services Strategy? Make Sure You've Done Your Homework." By Brian Buehling. From XML.com Web Services (March 04, 2003). "Due to the industry's intense promotional activities most IT professionals have been exposed to the concept of web services. They know that a web service is a distributed application that exposes its functionality using a set of XML standards, most likely including SOAP, UDDI, and WSDL. They've heard repeatedly that this model offers the opportunity to better leverage existing investment in Internet technology by allowing companies to orchestrate business applications using components from various platforms throughout their enterprise. However, one fact is commonly overlooked. As with any emerging technology, the web services model presents its own set of implementation, process, and organizational challenges. These limitations are too often underestimated when formulating a corporate web services strategy... There are many ways to mitigate the specific risks associated with implementing a large scale web services project. So before rolling up your sleeves and plunging into your pending project, make sure you've asked yourself the following questions [...] In conclusion, utilizing web services offers great potential to reduce development time and cost in a variety of IT areas including enterprise application integration (EAI), supply chain management (SCM), and customer relationship management (CRM). However, organizations will have to do their homework to understand what problems will be directly solved by adopting a web services model and what challenges will be left up to the implementation team to resolve themselves..."

[March 06, 2003] "Web Services Enhancements 1.0 and Java Interoperability, Part 1." By Simon Guest (Microsoft Corporation). In Microsoft MSDN Library (February 2003). ['The article covers interoperability between Web Services Enhancements 1.0 for Microsoft .NET and Java and shows how the WS-Security specification and implementation can be used to securely sign a Web service call from Microsoft .NET to Java and vice versa. The IBM Web Services ToolKit 3.3.2 enables WS-Security functionality for Java. Includes downloadable code samples,'] "This article shows a working example of using the WS-Security specification and implementation to sign a Web service request with X.509 certificates between Microsoft .NET (using WSE) and Java (using the IBM WSTK). This article does not show encryption, which will be featured in a later article. So, what is the requirement behind using WS-Security for signing Web service requests between .NET and Java? The ability to sign a Web service request guarantees that the message contents have not been altered during transit. Using a digital certificate, it is possible to sign a Web service request with a private key, so that it can only be validated with the corresponding public key. Until now, there have been two options for securing Web services: one at the transport level (using SSL), and another at the application level, using a custom security mechanism. Both of these options, while technically effective, have some limitations or drawbacks for adoption. Security at the transport level using SSL can be used to guarantee the integrity of a Web service request by securing the underlying transport layer (HTTP). SSL can be used both to encrypt the link and to validate the client and server using certificates. One of the main problems in using SSL to secure Web services is that the security is only effective from a single point to another. As the SSL communication is based on the transport, once the end point has been reached, this method of securing the message is no longer applicable. For example, if I send a message from Client A to Server B, I can use SSL to secure the link. If, however I send a message from Client A to Server C -- and it has to go via Server B -- there is no easy way to ensure the security of the message using SSL through this intermediary. It is also possible to develop a custom security mechanism where the contents of the message and headers were signed at the client and checked at the server. This would overcome the transport security issue, but in the end this would be a custom solution. Organizations that wish to secure Web services that are made public to other organizations would have to ensure that the same technology is used at each of the end points. WS-Security solves both of these problems by providing an application-based way of signing the Web service (to avoid issues seen with securing at the transport layer) using an openly published standard that can be referenced and adopted by customers, system integrators, and vendors..."

[March 05, 2003] "Does Fair Use Apply? Software Vendors Want the Kind of Lock on Products That Has Never Been Allowed in Book Publishing." By Ed Foster. In InfoWorld (March 03, 2003). "If I loan a book to a friend to read, am I committing an act of piracy? The day is fast approaching when at least some people will answer that question in the affirmative. Amid the sound and fury generated by our recent discussions of TurboTax product activation, an important point had to take a backseat to the more immediate concerns readers were expressing about Intuit's move to restrict use of pass-along CDs. Now that the smoke has cleared at least a little, I'd like to get back to it... passing along the CD [for use by a friend] while keeping a copy of the program for yourself would be piracy. If that had been Intuit's primary concern, however, it would not have needed to upset users with a complex product-activation scheme. The type of copy protection used by many game software publishers, requiring the CD to be present for the program to run, would have sufficed... So why don't we feel like pirates when we loan someone a book? Or, for that matter, when we give away a video, music CD, or DVD? Books may not be as subject to casual copying as software programs, but the music and motion picture industries are crying piracy even louder than the software industry. And even the worst of the anti-fair-use laws their lobbyists are pushing Congress to pass wouldn't block resale of a legal copy... It makes you wonder if book publishers are just too stupid to live. Why don't they put their own license agreement on the inside cover to prohibit transfer of the product? As I've mentioned before, this idea has occurred to book publishers -- many times, in fact. They thought of it at least as early as the 1800s, which is why we have more than 100 years of court decisions affirming the 'first sale' doctrine of copyright law. Once the publisher has sold a copy of a book or other copyrighted work, first sale says purchasers may do whatever they please with their copy except make a copy of it. Time and again, courts have ruled that notices printed in a book prohibiting its resale; mandating the price it can be sold for; or limiting where, when, or to whom it can be sold are not binding on the purchaser... The software business and the book business are very different, and the same can be said for the movie, music, TV, radio, and computer magazine businesses. Yet can anyone doubt that, one way or another, digital technology is going to change how we do business with our customers? Sooner or later, a common set of rules will exist. Maybe those rules will include the fair use and first sale principles we've taken for granted for so long, or maybe the rules will be hidden away in sneakwrap licenses and enforced by digital rights management technology. We have a choice. What's at stake is how free we are to share information, which means what's at stake is how free our society really is..." [Ed Note: Foster highlights a concern of many, viz., that 'fair use' and 'first sale' as constitutional [or natural] rights are being contemptuously dismissed by leading DRM- and "rights language" developers: "It's not our problem," they say, "and besides, design for protecting these kinds of rights is too complicated, sorry..." Related references in: (1) "XML and Digital Rights Management (DRM)"; (2) "Patents and Open Standards."

[March 05, 2003] "ID Management Logs On: Who's Who When." By Cameron Sturdevant. In eWEEK (March 03, 2003) pages 31-32, 36. eWEEK Labs Special Report. ['Single sign-on and other technologies are evolving to deliver on the promises of lower costs and easier provisioning -- if you can get over the implementation hurdles.'] "A bevy of single-purpose single-sign-on products, biometric devices and integrated identity management frameworks promise reduced operational costs through streamlined user-rights provisioning. However, not much has been done to improve these systems' reputations for being difficult to implement, so government regulation is still the biggest driver for deployment. eWEEK Labs has found that most of the products on the market today will help IT managers control access to sensitive data. However, organizations that don't have at least a winnowed-down enterprise directory and a stable, well-understood set of applications should put identity management on hold for now. The good news for IT managers who do face regulatory obligation is that most of the products we looked at will help smooth the way to provisioning identity management and single sign-on. However, long-term savings will remain elusive until the underlying directory mishmash is unified. The identity management tools we looked at for this report are oriented almost exclusively toward human beings. In the coming year, Web services -- and the need to authenticate and authorize other computers along with applications and services running in the network -- will force a paradigm shift to encompass any computing resource... Questions to ask when considering an identity management system: (1) Is software required on the client system? Try to avoid systems that require client software. If client software can't be avoided, make sure the client update mechanism will work with your organization's software distribution system. Don't have a software distribution system, either? Then the organization isn't ready for single sign-on. (2) Does the platform allow self-service password reset? Weight self-service heavily in your list of requirements. If an administrator has to get involved in password reset, a big chunk of ROI just flew out the window. (3) Does the system integrate with a directory already in use at the organization? Score! If not, be ready to work through a directory implementation project before starting on the identity management system. (4) How are user rights revoked? The ability to effectively block former users from the system without destroying the record of their authorized use is crucial..." See also the sidebar (page 36): "Sutter Health CIO Discusses Single Sign-On."

[March 05, 2003] "Whirlpool Cleans Up With Single Sign-On." By Anne Chen. In eWEEK (March 03, 2003) pages 31-33. ['Whirlpool needed to provide Web-based single sign-on to reduce the number of passwords within the organization; synchronize user names and passwords for legacy applications; reduce help desk calls. Its solution use an access management product to manage policies for Web-based applications tied to an LDAP server; deploy an identity management product to provision user names and passwords and allow users to reset their own passwords via a portal'] "Persuading business executives to spend money on security technologies can be harder than pulling teeth. It can be much less difficult, however, if you are able to show how a new technology can make executives' lives easier and cut costs while improving security. That's what Whirlpool Corp. Vice President of Architecture and Planning Jim Haney learned last year. Recognizing that harried executives were becoming tired of using and managing as many as 10 passwords each to access enterprise applications, Haney said he could simplify their lives while cutting help desk and administrative costs by deploying a companywide, Web-based, single-sign-on system. Whirlpool executives, not surprisingly, couldn't approve the project fast enough. The decision to reduce the number of passwords is paying off. Whirlpool recently rolled out identity management products that not only enable 59,000 company employees and 15,000 trading partners to authenticate to enterprise applications with one user name and password combination, but also allow them to reset their passwords via a portal. Those capabilities will save the $11 billion appliance company millions of dollars in help desk calls and dramatically increase end-user productivity, Haney said. 'When executive management leadership in the company complained about all the different sign-ons we had, that was indication No. 1 that something was amiss,' Haney said. 'We didn't want our application vendors to dictate security schemes and directories to us. We wanted to consolidate and standardize application authentication and handle security our way'... An increasing number of enterprises such as Whirlpool are turning to single-sign-on technologies as a cost-effective way to manage user account and access rights, experts say. And it's not hard to see why. Gartner Inc., of Stamford, Conn., predicts that a return on investment of nearly 300 percent and savings of $3.5 million can be achieved over three years by a business of 10,000 employees that has implemented an automated identity management system. And this interest in single sign-on will grow as an increasing number of organizations are forced to respond to privacy and security regulation and as they struggle to authenticate users on more online applications, says Gartner..."

[March 05, 2003] "SOAP Author Says Enough Specs Already. Get On With Writing Applications, He Tells Developers." By James Niccolai. In InfoWorld (March 05, 2003). Don Box, an architect in Microsoft's .Net software group, speaking to developers at the XML Web Services One conference, "acknowledged having contributed to the 'cacophony' of Web services specifications and said he plans to write less. A 'terrible, terrible thing' has happened in the past two years, he told developers here. The software industry has become so fixated on new specifications that it has lost sight of the fundamental goal: using XML to link software applications together. While some new specs that have been proposed are important and useful, others are too complex and still others will probably never be used, including some from Microsoft, he said. XML (Extensible Markup Language), a technology at the heart of Web services, is by now 'pretty stable,' Box said, and 'the Holy Trinity' of Web services -- meaning SOAP, WSDL (Web Services Description Language) and UDDI (Universal Description, Discovery and Integration) -- are complete enough for most developers to use. Other specifications are being hammered out to address security, management, orchestration and other aspects of Web services, but he urged developers not to wait for the results. 'I strongly encourage you not to wait for all of this stuff to settle down. The important stuff has settled down sufficiently that unless you are building the enterprise information bus for your company, we are done. And if you're building that (information bus), wait a few months and that will settle down by the end of the year,' he said. His four tips for developers: Read fewer specifications, write more applications, write less code by using tools that generate code automatically, and remember that humans matter, so if you must write a specification, make it legible... Bob Sutor, IBM's director of Web services technology, touched on the standards issue here earlier in the day. 'This has got to be the year we stop talking about SOAP and WSDL and start talking a lot more about what a business can accomplish with Web services,' he said. Some specifications have been proposed for competitive reasons as much as because they solve any pressing need, Microsoft's Box suggested. 'What matters is software, not specs written by vendors just to position yourself against five other vendors,' he said..."

[March 05, 2003] "BEA Shows Web Services Allegiance. Suite Backs IBM-Microsoft Proposal, But Not Rival Sun Plan." By Paul Krill. In InfoWorld (March 04, 2003). "Although BEA Systems has been in the somewhat-peculiar position of backing rival Web services choreography efforts, aligning with IBM and Microsoft on one proposal and Sun Microsystems on another, details of the company's new product suite, WebLogic Platform 8.1, reveal that BEA is moving closer to the IBM-Microsoft camp. WebLogicPlatform 8.1, the company's Java applications platform suite unveiled at the BEA eWorld conference here Monday, supports the IBM-Microsoft-BEA Web services choreography proposal, known as Business Process Execution Language for Web Services (BPEL4WS), said company CTO Scott Dietzen, in an interview this week. Version 8.1, however, does not support the rival Sun-driven effort, Web Services Choreography Interface (WSCI), which also has had BEA's endorsement. Web services choreography involves automation of Web services and is considered crucial for applications such as Web services-based transactions. An implementation of BPEL4WS is included in WebLogic Platform 8.1, Dietzen acknowledged. 'We're supporting BPEL4WS [in Version 8.1] because big customers, like Siebel, want it. We haven't had the same demand for WSCI,' so it is not in the Version 8.1 container, said Dietzen. Dietzen, however, noted that BPEL4WS is not a finalized proposal and that BEA hopes a single standard for choreography can be forged... Although Version 8.1 was just unveiled this week, a BEA official during a keynote presentation at eWorld Tuesday provided brief glimpses into the direction of future versions of WebLogic Platform. Key areas of focus include management, deployment, and automating changes, specifically deploying changes in a distributed environment, said Olivier Helleboid, president of the BEA Products Organization... BEA also is focusing on extending security in a general enterprise environment and adding simple tools for developers to move development closer to business operations. Improving basic performance, scalability, and management also remains a priority, Helleboid said. 'We are a year or two years ahead of IBM in that space and we absolutely intend to stay that way,' said Helleboid. WebLogicPlatform 8.1 features new versions of products such as the WebLogic Server application server and WebLogic Workshop development environment. The platform is available in beta version now, with general availability planned for this summer..." See: "Business Process Execution Language for Web Services (BPEL4WS)"; (2) "Web Service Choreography Interface (WSCI)."

[March 05, 2003] "IBM Delivers SOAP for CICS. Tech Preview Due Out By Month's End." By Ed Scannell. In InfoWorld (March 05, 2003). "IBM on Wednesday announced it will offer a CICS (Customer Information Control System) SOAP Technology Preview designed to help developers build connections to its venerable CICS-based mainframe applications through Web services. The new technology, to be available by the end of this month free of charge on IBM's alphaWorks Web site that, provides SOAP enablement of existing CICS Cobol applications, permitting them to be invoked through SOAP requests over either HTTP or WebSphere MQ messages and then integrated both inside and outside of the enterprise. 'This means you can invoke Cobol and PL/1 programs via SOAP messages without the need for an intermediary. You can open up all this enterprise data and communicate with these applications in a way you could not before,' said Bob Sutor, IBM's director of Web services technology in Somers, N.Y. IBM sees the technology as an essential step toward validating Web services as a fundamental technology corporate users need to make their legacy applications reach out and fully interact with more modern technologies both inside and outside their companies... In a somewhat related announcement on Tuesday, IBM said it plans to incorporate the choreography functions from its WebSphere Application Server Enterprise Edition into its WebSphere Studio Enterprise Developer toolkit sometime during the second quarter. 'By extending those tolls to include choreography functions, users can design business processes and address transactions so they include Web services,' Sutor said, CICS is a mainframe-level transaction monitoring system that has had a presence in corporate accounts for 35 years and still very much vital to many of those companies. IBM officials estimate that in the neighborhood of $1 trillion worth of transactions move across CICS-based mainframes every day."

[March 04, 2003] "Common Information Model: Simplifying Storage Management." By John Mallory (LSILogic.com). In Storage Management Solutions (SMS) Volume 7, Issue 6 (February 2003), pages 64-68. "Storage management is poised to undergo fundamental change over the next few years. The SNIA Storage Management Interface Specification (SMIS) -- formerly known as Bluefin -- provides, for the first time, the promise of truly interoperable heterogeneous storage network and storage management solutions. SMIS is based upon the Common Information Model (CIM) and Web-Based Enterprise Management (WBEM); together, CIM and WBEM provide the technological foundation fo SMIS. The first portion of this article will explore the background and concepts of CIM/WBEM, and show how CIM/WBEM technology is used for storage network management. The second portion of this article will discuss the numerous benefits of using CIM/WBEM based technology for storage management... CIM, which is based upon an object-oriented model, provides a uniform data model to define and describe all devices in, and aspects of, an enterprise computing environment. With CIM, each type of device-a storage array, for example-is described in a common and consistent way, irrespective of the vendor and the device architecture... There are two parts to CIM-the CIM specification and the CIM schema. The CIM specification describes CIM's language, naming, high-level concepts and mapping techniques to existing management models (eg, SNMP). The CIM schema provides the detailed modeling descriptions of how to represent devices and the overall managed environment. Taken together, the CIM specification and schema provide a document that consistently and completely describes all aspects of a managed environment. Additionally, the CIM specification and schema provide a comprehensive method for adding vendor unique extensions within the CIM framework, providing for customization while still remaining CIM compliant. The end result is that CIM is a comprehensive model that is updated on a regular basis and provides the flexibility needed for real world management. In parallel with developing and launching CIM, the DMTF launched the Web Based Enterprise Management (WBEM) initiative. The purpose of the WBEM initiative was to develop a standardized, non-proprietary, environment-independent way to access, share and aggregate management information in a heterogeneous computing environment. WBEM can be though of as an umbrella, unifying several pieces of standard technology into a standardized management model and unified management interface. WBEM is currently comprised of three core components-a data model, the CIM standard; a data encoding and language standard, XML encoding of CIM data; a data transport mechanism, CIM operations over HTTP. CIM, as previously described, provides a common method to model and describe managed objects. XML encoding of CIM data allows CIM data to be presented in the industry standard XML format. CIM operations over HTTP provides an industry standard protocol and platform independent method of transmitting CIM data. WBEM currently relies on these three components to provide a comprehensive standard management interface, but is flexible and extensible enough to incorporate future standards and technologies in a seamless fashion..." See: "DMTF Common Information Model (CIM)."

[March 04, 2003] "Sun's Project JXTA Goes Over 1 Million Mark." By Darryl Taft. In eWEEK (March 04, 2003). "Sun Microsystems Inc. Tuesday announced that its peer-to-peer technology, known as Project JXTA, has experienced strong adoption since its rollout nearly two years ago. According to Sun, more than 1 million developers have downloaded Project JXTA from the Sun Web site since it was introduced in February 2001. Sun released the first full, stable version of the technology in November 2001, said Juan Soto, Sun's group engineering manager for JXTA, in an interview with eWEEK. Soto and Sun's chief technology officer of software, John Fowler, are scheduled to discuss JXTA in a conference call with press and analysts Tuesday. In addition, Sun announced that the National Association of Realtors and the National Association of Convenience Stores have implemented JXTA-based applications and that independent software vendors have released commercial products based on JXTA. JXTA is a standards-based, peer-to-peer technology that supports collaboration and communication on networked devices, including cell phones, pagers, PDAs, PCs and servers. Sun released JXTA to the open-source community in April 2001. The technology runs across multiple platforms. JXTA is short for 'Juxtapose, as in side by side. It is a recognition that peer-to-peer is juxtapose to client server or Web based computing -- what is considered today's traditional computing model,' according to the Project JXTA Web site... Speaking of the move to make JXTA open source, Soto said, 'We thought it needed to be an open effort because no one company could do it [deliver an enterprise peer-to-peer solution] in a startup, which was who was looking at it' when the JXTA project originated at Sun. 'The idea behind the original protocol has remained remarkably constant,' he said. 'It provides you with the opportunity to have a physical thing represented from a virtual address.' Soto said JXTA supports Web services with a JXTA pipe called SOAP that enables users to send Simple Object Access Protocol messages across a JXTA network. It also features monitoring capabilities via a protocol used to query any remote peer about its status. 'This gives you a management channel to control a P2P network,' Soto said. 'And you can secure a network or get to a highly secure P2P network'... The military has been looking at JXTA, Soto said, because 'soldiers themselves are now networked devices' and JXTA could further enable that trend..." See details in the announcement: "Sun Continues to Innovate as Project JXTA Speeds Past One Million Downloads. Only Peer-to-Peer Computing Technology that Enables Collaboration and Communication on Any Networked Device. Commercial Products Available from InView Software, Internet Access Methods, and Implemented by National Association of Realtors and National Association of Convenience Stores (NACS)."

[March 04, 2003] "Tamino Gains Query Power." By Timothy Dyck. In eWEEK (March 04, 2003). ['Tamino provides a flexible system for storing and searching XML-formatted data. Organizations that need to archive or query large numbers of XML documents will find XML Server 4.1.1 a capable option. Those planning to construct XML-enabled content management systems should investigate products that are oriented more toward indexing and searching non-XML-formatted data.'] "Organizations using XML-formatted data and struggling with ways to keep mounting XML data collections under control will find Software AG's Tamino XML Server 4.1.1 an effective tool. The software let eWEEK Labs store XML data directly in the database, optionally verifying its conformance to an XML Schema document structure, and then let us query the data set to retrieve selected elements or attributes. The major change in this release (Version 4.0, the first 4.x release, was a beta version) is support for the developing XQuery XML query language. XQuery is still in the working-draft stage but is already much more powerful than Tamino's own query language, called X-Query (mind the hyphen). Based on XPath, X-Query, which is still supported, is more compact than XQuery but lacks its ability to format returning data and form joins. As a result, XQuery is much more powerful and expressive than X-Query, and current Tamino users will find the addition compelling... In addition to a variety of data loaders, Tamino offers a WebDAV (Web-based Distributed Authoring and Versioning) server that provides a very convenient way to import, access and delete Tamino data -- we simply copied XML files into a WebDAV folder and could immediately query them from within Tamino. Deleting the files removed them from Tamino's database. Tamino provides a complete set of client APIs for accessing data: four Java APIs, a .Net API, an ActiveX-based API and a JavaScript API. A SOAP (Simple Object Access Protocol) API would be a good standards-based addition. A partially supported SOAP add-on is available at the Tamino developer site for testing; the company is evaluating feedback in preparation for a fully supported SOAP API..."

[March 04, 2003] "HP Creates New Web Services Unit. HP's Web Services Management Team Unveiled." By Ashlee Vance. In InfoWorld (March 03, 2003). "Hewlett-Packard is realigning its corporate structure to help push Web services within the organization and the industry, said Carly Fiorina, chairman and chief executive officer at HP, during a Monday speech at an industry conference... Fiorina announced the formation of a Web Services Management team at HP that will oversee the company's work with both J2EE (Java 2 Enterprise Edition) applications and Microsoft's .Net-based software. One of the major goals for the new group will be making sure HP'sOpenView management software works well with J2EE and .Net software from various vendors, Fiorina said... HP, along with a host of other vendors, is backing Web services technology that helps link various kinds of software via widely agreed-upon standards. The idea is to make it easier for various types of applications to communicate with each other and pass along information using common channels... To help support its plan, HP created the Web Services Management team, which will be run by Nora Denzel, senior vice president of software at HP. Denzel will lead HP's efforts to create a common management interface for both J2EE and .Net software, according to a statement. HP is looking to manage both sets of software with its OpenView product line. HP has also created a services practice dedicated to J2EE-based software, Fiorina said. This services body will be staffed by 1,000 people by year-end. On the technology side of the house, HP has developed the OpenView Web Services Management Engine, which will let the OpenView software manage applications directly, according to the statement. HP has rolled out this software to handle and manage Web services requests directly instead of relying on other management applications. HP has joined Sun Microsystems as one of BEA's biggest hardware partners..."

[March 04, 2003] "Tip: Use 'rdf:about' and 'rdf:ID' Effectively in RDF/XML. Minimize Confusion in Specifying Resources." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks, XML zone. February 2003. ['The combination of RDF and XML allows for several different approaches to specifying resources, and sometimes the rules for interpreting the syntax can be troublesome. In this tip, Uche Ogbuji uses examples to illustrate the various behaviors of the rdf:ID and rdf:about attributes, and shows how to use XML Base to control these behaviors.'] "This tip covers the RDF/XML syntax specification of 23-January-2003. You may want to review the latest W3C RDF primer if you are not familiar with recent RDF specifications. In RDF/XML, the subjects of statements are organized into node elements, which use attributes such as rdf:about and rdf:ID to set the subject for a collection of statements about that subject. Rules govern how the actual RDF subject URIs are constructed from these attributes, but there is plenty of room for confusion, and even instability, in the parsing results from environment to environment, if you're not careful. This tip offers some practices that can help minimize such errors and confusion... The behavior of rdf:about with respect to relative URIs also applies to similar attributes such as rdf:resource. The behavior of rdf:ID is similar to that of rdf:bagID and the like. Throughout your RDF/XML files, you should be acutely aware of any base URIs that are in effect so you can be sure you understand the process by which the RDF model is generated. As for choosing between rdf:ID and rdf:about, you will most likely want to use the former if you are describing a resource that doesn't really have a meaningful location outside the RDF file that describes it. Perhaps it is a local or convenience record, or even a proxy for an abstraction or real-world object (although I recommend you take great care describing such things in RDF as it leads to all sorts of metaphysical confusion; I have a practice of only using RDF to describe records that are meaningful to a computer). So rdf:about is usually the way to go when you are referring to a resource with a globally well-known identifier or location..." See "RDF/XML Syntax Specification (Revised)." W3C Working Draft 23-January-2003 and the "RDF Primer," W3C Working Draft 23-January-2003. General references in "Resource Description Framework (RDF)."

[March 04, 2003] "Have We Had Enough XML Specs Yet Already? -- Don Box at XML Conference." By Jack Vaughan. In Application Development Trends (March 04, 2003). "In a keynote yesterday at the XML Web Services One Conference, SOAP co-author Don Box advised XML developers to read less specs, write more apps and less code, and to remember that humans matter. While proffering advice, Box, who joined Microsoft over a year ago as a technical evangelist, counted himself as among those who have made XML more complex than it needs to be. In terms of writing specs, 'I am guilty of being very prolific,' he admitted. 'There are countless specifications in this area,' added Box. 'It takes nothing to create a spec, and even less to put 'WS' in front of it and make it look official. It means nothing unless people use it,' he noted. 'Specs are like bodily orifices,' he quipped, 'everyone has one.' He continued, 'What matters is people writing software that uses XML. If the spec doesn't get you closer to that, it's not that relevant.' Box did not spare Microsoft in his analysis, either. 'There are specs from Microsoft that will never be implemented,' he said. 'But in terms of specifications, I think we are near the end'..."

[March 03, 2003] "An Introduction to Streaming Transformations for XML." By Oliver Becker, Paul Brown, and Petr Cimprich. From XML.com (February 26, 2003). ['An introduction to Streaming Transformations for XML, from its creators. STX (Streaming Transformations for XML) is an approach which attempts to merge the stream-based efficiency of SAX with the programming convenience of XSLT. The authors provide working examples and pointers to implementations.'] "This article introduces Streaming Transformations for XML (STX), a template-based XML transformation language that operates on streams of SAX events. STX resembles XSLT 1.0, the tree-driven transformation language for XML, but STX offers unique features and advantages for some applications... SAX is the event-oriented sibling of the DOM API. STX provides a streaming analog for XSLT by adopting some of the now familiar concepts from XSLT (e.g., matching based on templates and an XPath 1.0-like expression language) but using SAX as the underlying interface to the XML document. In line with the proscription about XSLT, STX is neither a general purpose XML transformation language, nor is it an attempt to improve, extend, or replace XSLT. Like SAX, STX is a completely free, grassroots effort by the XML community, initiated by Petr Cimprich; the specification and a mailing list are hosted on SourceForge. A quick glance over the example stylesheet should remind the reader of an XSLT stylesheet: (1) STX stylesheets are well-formed XML and can thus be edited with any text or XML editor; (2) STX stylesheets consist of a mixture of instructions and declarations in the STX namespace, literal result elements, and content... The most important difference between XSLT and STX is the difference between XPath 1.0 nodes and SAX events. The fundamental, atomic unit of operation in XPath 1.0 is a node that exists in the context of its containing document and inter-node relationships (parents, siblings, children, and so on). In contrast, the fundamental unit of operation in SAX is an event that exists without any additional context. ... STX is an approachable means for transforming streaming XML with two usable implementations and an active, community-driven development effort..."

[March 03, 2003] "Inside the RSS Validator." By Mark Pilgrim. From XML.com (February 26, 2003). ['Mark Pilgrim explains the RSS validator and its implementation.] "In previous columns, I have introduced RSS and explored options for consuming it. Now we turn to the production side. Last month I stirred up a small controversy by suggesting that RSS consumers should go out of their way to consume as many feeds as possible, even ones which are not well-formed. This month I hope it will be somewhat less controversial to say that RSS producers should go out of their way to produce feeds that conform to specifications as well as possible. Rule Zero is that all RSS feeds must be well-formed XML... Not all RSS consumers use the advanced techniques we discussed last month; many can only parse RSS feeds that are well-formed XML. There are many tools for producing XML; you should use one of them as opposed to, say, using string concatenation and a non-XML-aware templating system and hoping for the best... there are a number of domain-specific rules and best practices for RSS feeds. These are fairly well encapsulated in the free online RSS validator. Point the validator at your RSS feed and follow its instructions if it finds any errors or warnings. It will catch common XML errors such as unescaped ampersands and high-bit characters; domain-specific errors such as missing required elements; and more subtle errors such as improper language codes in the <language> element... How the validator works internally is actually fairly interesting -- much more interesting than the arcane rules of RSS validity -- and that's where I'd like to focus. The validator is written in Python, and it is available under a liberal open source license, so you can download the complete source code..." See also: (1) Content Syndication with RSS, by Ben Hammersley; (2) general references in "RDF Site Summary (RSS)."

[March 03, 2003] "XML, SOAP and Binary Data." By Adam Bosworth (BEA Systems), Don Box (Microsoft), Martin Gudgin (Microsoft), Mark Nottingham (BEA Systems), David Orchard (BEA Systems), and Jeffrey Schlimmer (Microsoft). From XML.com (February 26, 2003). White paper Version 1.0, February 24, 2003. ['A white paper which discusses the architectural issues encountered when using opaque non-XML data in XML applications, including (but not limited to) Web services and SOAP. This white paper from Don Box and his colleagues addresses a long term issue in XML, namely the coordinated transport of opaque binary data in conjunction with an XML document.'] "The desire to integrate XML with pre-existing data formats has been a long-standing and persistent issue for the XML community. Users often want to leverage the structured, extensible markup conventions of XML without abandoning existing data formats that do not readily adhere to XML 1.0 syntax. Often, users want to leave their existing non-XML formats as is, to be treated as opaque sequences of octets by XML tools and infrastructure. Such an approach allows widely used formats such as JPEG and WAV to peacefully coexist with XML. As XML is increasingly used as a message format (e.g., SOAP), the interest in integrating opaque data with XML has increased to the point where there are at least two competing proposals for doing so (SOAP With Attachments [SwA] and WS-Attachments). Because SwA was the first widely-publicized mechanism for dealing with binary data, it has had a large influence on how the community views the issues surrounding this topic. Unfortunately, SwA (as well as WS-Attachments) conflates several orthogonal issues. Specifically, both SwA and WS-Attachments assume that a URI-based referencing mechanism by itself is sufficient for supporting opaque binary values in messages. Moreover, at least one of the proposals (SwA) attempts to solve problems that are in no way limited to SOAP, that is, how URI that appear as XML element or attributes content are to be resolved in the presence of multipart MIME. As field experience with both SwA and WS-Attachments has shown, the lack of an XML-focused approach to opaque data has lead to solutions that are unnecessarily complex for developers and software components. This white paper attempts to present the various issues raised by dealing with opaque data in XML, without nominating a particular solution... Retaining SOAP's tradition of purely Infoset-based messages has various advantages: (1) SOAP extensions only have to be defined in terms of one data model and one processing model, both of which are already defined in SOAP/1.2. (2) Applications can directly take advantage of the rich set of technologies available for XML processing. (3) Interface description can provide a single, simple, and consistent model to the developers and tools. (4) Programmatic interfaces can expose a single programming model to the developer. (5) A single security model can be applied to the Infoset, encompassing all message content in a uniform manner. (6) Infoset mappings can be defined for multiple serialization formats, effectively unifying multiple messaging technologies. (7) Finally (and perhaps most importantly), ALL SOAP messages can be represented in pure text. Even in the face of exotic in-memory or on-disk data structures for representing XML, one can always produce a purely text-based form of the message. The utility of the installed base of text processing tools should not be overlooked. Text is our heritage and abandoning it loses a key feature of the web service architecture. The authors of this paper believe strongly that that data and processing model for SOAP has always been and should remain purely XML-based. Literally thousands of man-years have been directed at defining and refining an architecture based on these assumptions. Moreover, the data and processing model for SOAP should deviate as little as possible from the current SOAP/1.2 Candidate Recommendation. The authors also believe that the XMLP WG charter allows sufficient freedom in associating opaque data with SOAP Messages to define a SOAP specific processing model, including the XInclude approach, as well as participating in or leading other approaches..." General references in "Simple Object Access Protocol (SOAP)."

[March 03, 2003] "Special Characters, Database Mappings." By John E. Simpson. From XML.com (February 26, 2003). ['John E. Simpson discusses XML special characters and SQLX.'] "... Yes, an XSLT processor, just like any other application which expects legitimate XML as input, will choke on ampersands, less-than symbols, and so on instead of their entity-reference forms. If you use a GUI-based XHTML or HTML editor, you may have noticed that you're free to enter any old character into a document, even the 'dangerous' markup-significant ones. What's more, the editor even shows you a literal ampersand, instead of something horrible like &. If you examine the raw source behind the GUI cosmetics, though, you'll find entity references scattered around even though you well know you didn't key them in yourself. The editor is in effect mediating between the markup- and non-markup-based worlds in the same way that your preprocessor would need to do... In a comment posted shortly after [the last month] column's publication, technical writer, editor, and Oracle database guru Jonathan Gennick directed me to an emerging ISO/ANSI standard called SQLX. Billed as the place 'where SQL meets XML,', SQLX is a joint effort by representatives of IBM, Oracle, Sybase, Microsoft, and Northrop-Grumman to establish a standard for the 'ways in which Database Language SQL can be used in conjunction with XML.' As Gennick says, 'no need to reinvent the wheel' by proposing some alternative method of mapping identifiers'..." The the SQLX Workgroup website references an August 2002 ISO-ANSI Working Draft for XML-Related Specifications (SQL/XML); see following bibliographic entry. Related references: (1) "Oracle XQuery Prototype and Oracle9i Database Release 2 with SQLX and XMLType Support"; (2) general references in "XML and Databases."

[March 03, 2003] "ISO-ANSI Working Draft XML-Related Specifications (SQL/XML)." Draft text for: Information technology -- Database languages -- SQL -- Part 14: XML-Related Specifications (SQL/XML). // Technologies de l'information -- Langages de base de donnée -- SQL -- Partie 14: «Specifications à XML» (SQL/XML).] Edited by Jim Melton. ISO/ANSI WD Reference: WG3:DRS-020, H2-2002-365. August, 2002. ISO Reference: ISO/IEC JTC 1/SC 32/WG 3. Date: 2002-08-09. ISO/IEC 9075-14:200x(E). Produced by ISO (International Organization for Standardization) and ANSI (American National Standards Institute). ISO/IEC JTC 1/SC 32/WG 3; ANSI TC NCITS H2. 154 pages. "This part of ISO/IEC 9075 defines ways in which Database Language SQL can be used in conjunction with XML. This standard defines mappings from SQL to XML, and from XML to SQL. The mappings from SQL to XML include: (1) Mapping SQL character sets to XML character sets; (2) Mapping SQL <identifier>s to XML Names; (3) Mapping SQL data types (as used in SQL-schemas to define SQL-schema objects such as columns) to XML Schema data types; (4) Mapping SQL data values to XML data values; (5) Mapping an SQL table to an XML document and an XML Schema document; (6) Mapping an SQL schema to an XML document and an XML Schema document; (7) Mapping an SQL catalog to an XML document and an XML Schema document. The mappings from XML to SQL include: [1] Mapping Unicode to SQL character sets; [2] Mapping XML Names to SQL <identifier>s..." For an overview, see "Standards: SQL/XML is Making Good Progress," by Andrew Eisenberg (IBM) and Jim Melton (Oracle Corp), ACM SIGMOD Record Volume 31, Issue 2 (June 2002). The update describes new work as of June 2002: "in three parts. The first part provides a mapping from a single table, all tables in a schema, or all tables in a catalog to an XML document. The second of these parts includes the creation of an XML data type in SQL and adds functions that create values of this new type. These functions allow a user to produce XML from existing SQL data. Finally, the 'infrastructure' work that we described in our previous article included the mapping of SQL's predefined data types to XML Schema data types. This mapping has been extended to include the mapping of domains, distinct types, row types, arrays, and multisets..." [cache]

[March 03, 2003] "Scripting Web Service Prototypes." By Christopher Vincent (Internet Technology Team, IBM Systems Group). In ACM Queue Volume 1, Number 1 (March 2003), pages 22-27. "As web services become increasingly sophisticated, their practitioners will require skills spanning transaction processing, database management, middleware integration, and asynchronous messaging. IBM Lightweight Services (LWS), an experimental hosting environment, aims to support rapid prototyping of complex services while insulating developers from advanced issues in multi-threading, transactions, and resource locking. To achieve this we adapt a high-level, event-driven, single-threaded scripting environment to server-side application hosting. Developers may use this freely available environment to create robust web services that store persistent data, consume other services, and integrate with existing middleware. Lightweight services are invoked by standard HTTP SOAP clients, and may in turn invoke other web services using WSDL. Here prototyping means creating fully functional web services, but prioritizing ease of development over run-time performance. LWS services are transactional, maintain state across server failures and, most importantly, interoperate with standard web service clients and servers. User-friendly development tools bridge the gap between SOAP data types and loosely typed scripts, allowing web service operations to evolve incrementally over the course of a debugging session. Script-based services are described by standard WSDL, and clients need not differentiate between LWS services or their more conventional counterparts. Once program logic, data requirements, and external interfaces have stabilized, a developer may choose to re-implement a prototype, targeting a more optimized run-time environment. We'll use two concrete examples where script-based prototyping provides the developer a streamlined path to functional web services..."

[March 03, 2003] "Office Beta Eyes SMB." By Peter Galli. In eWEEK (March 03, 2003). "Microsoft Corp. is prepping the second beta of Office 2003 with new CRM-type features designed to attract more small and medium-size businesses, as well as other features to sway enterprises to upgrade. Beta 2 of Office 2003, the upgrade to Office XP, due by midyear, will include a new feature called Outlook 2003 with Business Contact Manager, as well as the first incarnations of DRM (digital rights management) in the suite. Sources familiar with the product said Business Contact Manager, previously code-named Iris and aimed at the SMB market, will let users track clients, create accounts, generate product lists, and track sales and account leads... While managers may welcome DRM, some systems administrators are less enthusiastic, saying it will add complexity. 'Solutions like this have the potential to create utter chaos,' said a systems administrator for a consultancy based in Mountain View, Calif., who requested anonymity. 'What happens if someone who put a document under controls gets fired or leaves without sharing his password? What if another person incorrectly applies the controls and is then on leave or unable to be contacted?' Eschbach said a systems administrator could override controls. On other fronts, Microsoft wants to ensure that the suite's file formats give users full access to its XML schemas, which allow 'smart documents' to be created in Office 2003. 'The goal is not to have another proprietary lock-in schema. The No. 1 push in Office 2003 is user-defined schema," [Microsoft's] Eschbach said..."

[March 03, 2003] "Dual Tragedies: IP Rights in Industry Standards." By Daniel Lin (Kirkland & Ellis). In IEEE Computer Volume 36, Number 2 (February 2003), pages 25-27. "Companies often participate in a cooperative standard-setting effort to minimize research and development risks. However, the industry's aggressive use of patents forces standard-setting organizations (SSOs) to struggle with producing the best standard technically while encouraging its widespread adoption by limiting the proprietary technology that users must license. To balance these interests, many SSOs require members to disclose any patents related to a proposed standard. These disclosures potentially expose technical and market strategies to competitors. By illuminating this problem, the 'tragedy of the commons' and 'tragedy of the anticommons' can help SSOs implement disclosure policies that reduce member burdens and risks, thereby encouraging participation in creating high-quality standards... The 'tragedy of the commons' occurs because each participant seeks to maximize its own gain by incorporating its technology into the standard without considering the negative aggregate effect on the standard. Thus, the standard becomes under-utilized, creating a 'tragedy of the anticommons,' in which multiple owners have a right to exclude others from using the resource and no one has an effective privilege of use. Rather than using the SSO-sponsored standard, potential users might find that developing their own alternative solution or licensing a proprietary solution from a third party costs less. As such, even if the SSO succeeds in developing the best 'technological' standard by incorporating the best patented technology from its participants, the standard may ultimately fail to become widely adopted..." See: "Patents and Open Standards."

[March 03, 2003] "HP Zeros In on Web Services Management." By Darryl K. Taft. In eWEEK (March 03, 2003). "Hewlett-Packard Corp. announced several initiatives around Web services management Monday, including the formation of a dedicated Web services management team within the company, a focus on Web services management in the Java environment, expansion of HP OpenView into Web services management, and a leading role in setting standards for Web services management. HP's chairman and chief executive, Carly Fiorina, made the announcements Monday during a keynote speech at BEA Systems Inc.'s eWorld developer conference in Orlando, Fla. Fiorina said management concerns remain one of the key inhibitors to widespread adoption of Web services. Said Al Smith, CTO of the newly announced Web Services management organization at HP: 'We've made a laser-like focus on the direction we're taking with software, and we're going to use OpenView as the cornerstone of HP's Web services management initiative... Smith said HP will be working with a number of other companies, including IBM Corp., Novell Inc. and webMethods Inc., to form a new technical committee in the Organization for the Advancement of Structured Information Standards (OASIS). The new committee, which will be announced later this week, will be known as the Web Services Distributed Management (WSDM) committee and will seek to create a standard for Web services management, Smith said. The WSDM committee is a reorganization of the Web Services management Task Force, another OASIS group. WSDM will re-emphasize the work the task force started and will work in close alignment with the World Wide Web Consortium's Web Services Architecture efforts and the Global Grid Forum's work on management in the Web services space, Smith said. Smith said HP will contribute a Web services management framework to the OASIS group. He said the framework proposes two-way communication in Web services management and is designed to enable developers to create "management-ready" systems for integration with existing standards-based management tools... And as part of its own product offerings, HP has developed a suite of software components, the HP OpenView Web Services Management Engine, which enables users to intercept Web services requests and manage the service as opposed to the platform where it resides, Smith said. And specific to BEA, HP offers the HP OpenView Transaction Analyzer, which uses APIs, co-developed with BEA, to monitor application transactions. In addition, HP has an HP OpenView Smart Plug-in for monitoring and managing BEA WebLogic Servers..." Related references: (1) "Fiorina: HP Makes Strategic Investments in Web Services Management. Company Unveils Software, Services, Standards Framework to Help Customers Adopt Web Services, Bridge Competing J2EE and .NET Worlds."; (2) "OASIS Technical Committee Addresses Management of Web Services."

[March 03, 2003] "Trades at Top Speed. Straight-Through Processing Means that Financial Services Firms must Move to All-Digital Processes to Remain Competitive and Connected." By Lucas Mearian. In Computerworld (March 03, 2003). "In the name of straight-through processing (STP) of securities trades, financial services companies over the next two years will spend an estimated $6 billion replacing their manual processes by plugging into virtual trade-matching utilities (VMU), installing middleware and integrating front- and back-end computer systems. In simple terms, STP is the removal of manual processes in the trade-processing cycle, including paper and disparate data systems, creating an unbroken electronic stream of information from the broker/dealer to the clearinghouse. At present, much of the trades process still relies on fax or telephone. STP includes messaging standards, translation middleware and electronic connectivity among investment managers, broker/dealers, custodian banks and clearing companies. One confusing aspect of STP is its association with T+1, or trade plus one day. T+1 refers to reducing the trade settlement cycle from the current standard of three days to one, and it's dependent on STP's electronic efficiencies... Because banks work with multiple brokerages to authorize the release of funds that are used to cover securities trades, the manual approval processes used today can take several days to clear even one trade. 'Firms use multiple systems, and not all of them are linked together. The issues have to do with linking all the systems together so transactions flow from one to another with no one handling it. There are snafus everywhere along the line,' says Tabb. Internal message standards for cash reporting, bulk payments, investment funds, securities pretrade processes and customer-to-bank credit transfers are virtually nonexistent, say analysts. Applications and messaging systems within securities firms and banks weren't created with consistent architectures, so middleware is needed to send data from one message format, such as the Financial Information Exchange (FIX) protocol, to back-end systems that may use proprietary formats. Generally, high-value customers -- those who trade more than $100,000 a day -- call brokers or sales representatives on a trading desk to check their account balances, stock holdings and what excess cash they might have to invest. Sales representatives then write up order tickets by hand and fax them to an operations department, where someone else keys in the order into back-office systems. Those orders then have to be reconciled between the front and back office to make sure all the tickets were received without any missed trades... One key issue for all companies participating in securities trading is connectivity to nascent VMUs, such as Boston-based Omgeo LLC and the Zurich-based Global Straight-Through Processing Association. Matching in posttrade message instructions at one centralized data center creates an unbroken flow of electronic data between financial services firms. Matching utilities are basically trading traffic managers. They use large servers or mainframes and common messaging formats based on XML to allow broker/dealers and investment managers to communicate with one another and assemble the many pieces of data required for a trade to be confirmed before being sent on for settlement by a custodian bank..."

[March 03, 2003] "Experts: Copyright Law Hurts Technology." By Robert Lemos. In CNET News.com (March 01, 2003). "Attempts to protect copyrighted material have strayed from their original purpose, say lawyers, technologists and academics, but few can agree on the solution. Speaking Friday at a University of California at Berkeley conference on the law and policy of digital rights management, experts from all circles seem to agree that more is going wrong than right with the current approach to protecting digital content. Moreover, they argue that current laws such as the Digital Millennium Copyright Act (DMCA) -- which makes cracking copyright protections illegal, even when otherwise acceptable under other laws -- are serving the extremes, not the mainstream populace. 'There has to be a way between the lunatics at the two extremes,' said Larry Lessig, a law professor at Stanford University and well-known opponent of the DMCA. 'We need to build a layer of reasonable copyright law on top of this background of unreasonable extremism.' Such sentiments for loosening the control of copyright holders are finding far more fertile ground these days, in the wake of a number of lawsuits that illustrate the dangers of the DMCA. Far fewer people believe that the DMCA is an appropriate method to stave off digital pirates in the Internet age David Farber, law professor for the University of Pennsylvania, said that digital rights management systems need to be in place to protect not the minority of big corporations but the masses of people. 'I am not talking about protecting the media companies from people using their content,' he said. 'I am concerned with protecting my information and finding out who made copies of it.' Until copyright policy tilts back to the populace, people will likely resist such systems, said John Erickson, a system program manager for Hewlett-Packard Labs, who spoke on one of four panels Friday. 'We are taking the human being out of the equation...and putting a chastity belt on technology,' he said. He stressed that laws and technology, such as digital rights management, need to take constitutional issues into account. 'There is not social governance of what goes into a rights management language,' he said. 'If we are to have the regimes, we need to figure out how to have people in the loop'..." Related resources: (1) Berkeley DRM Conference website; (2) BLCT Digital Library publications; (3) "XML and Digital Rights Management (DRM)"; (4) "Patents and Open Standards."

[March 03, 2003] "The Standard Bearers Close Ranks." By Frank Tansey (Project Administrator, CaliforniaColleges.edu). In Syllabus Volume 16, Number 8 (March 2003), pages 12-14, 36-37. With sidebar: 'Alphabet Soup: eLearning Standards Organizations.' "Collaboration is bringing the education community closer to long-held dreams of content portability and access to next-generation tools. For most educators, the various eLearning specifications and standards organizations seem far removed from the classroom. Certainly, many have heard of IMS, OKI, and ADL SCORM. However, most would have difficulty explaining how any of these key specifications might affect their online teaching. The reality is that several groups are producing specifications that will affect the way technology is used in online education. Behind the scenes, there is a revolution going on in the way eLearning specifications and standards are being developed. This is not a newly discovered way to provide features for online education. Instead, it is the result of the increasing collaboration and cooperation between key organizations to share the workload and build on the accomplishments of others. Among the five key organizations developing specifications and standards for eLearning are: the IMS Global Learning Consortium (IMS), the Open Knowledge Initiative (OKI), the Advanced Distributed Learning (ADL) Co-Labs, the Schools Interoperability Framework (SIF), and the IEEE Learning Technology Standards Committee (IEEE LTSC). These five organizations represent the collaboration occurring across the entire eLearning spectrum. Each is structured as a vertical or a horizontal organization depending on its mission and constituency. Vertical organizations are generally designed to represent one online learning constituency. For example, OKI focuses on higher education, ADL focuses on training, and SIF focuses mainly on K-12. The horizontal organizations serve many constituencies and thus cut across the verticals. For instance, IMS and the IEEE LTSC attempt to provide specifications and standards that meet the needs of many vertical efforts. When these vertical and horizontal organizations cooperate with each other, they do so in many different configurations that ideally lead to more robust, general specifications... There are three main ways that collaborative efforts can be used in specification development, says Ed Walker, chief executive officer of IMS. The first is for an organization to find an existing specification to adopt. The second option is to influence or modify an existing specification. And the final alternative is for an organization to create its own specification with the help of other groups. In all cases, collaboration is the key to a successful plan..." See general references in: "XML and Educational Technologies."

[March 03, 2003] "XML in Higher Education. SMIL: Multimedia Rides the XML Wave." By Frank Coyle (School of Engineering, Southern Methodist University). In Syllabus Volume 16, Number 8 (March 2003), pages 22-25. "SMIL (pronounced 'smile') is an acronym for Synchronized Multimedia Integration Language, an XML-based dialect for describing the layout and synchronization of multimedia applications... For educators, SMIL opens the door to sophisticated multimedia development. With minimal effort, SMIL makes it possible for authors to: (1) Add audio commentary to images and text; (2) Animate slide presentations that dynamically change as different elements become the focus of attention; (3) Add on-screen controls that allow users to stop and start a presentation; (4) Create courseware that integrates audio, video, animation, and text. Individual multimedia components can be stored either on a user's PC or delivered from a Web server. SMIL presentations may play in a browser with a SMIL plug-in or in a standalone player such as RealOne or QuickTime that reside on consumer devices and are independent of browsers. Because SMIL documents are text files, SMIL files can be customized on a server manually with a text editor or by using a script, such as AppleScript or PERL, or through the use of XML transformation tools such as XSLT. What's exciting for the aspiring multimedia author is that anything that can generate text can create a SMIL document... The recent finalization of the SMIL 2.0 specification, coupled with significant industry support, has made SMIL an attractive option for educators. As authors gain experience using SMIL, expect new ideas to emerge that leverage SMIL's capacity for delivering dynamic content based on the assembly of individual multimedia components. Currently, SMIL is stewarded by the SYMM Working Group, a mix of experts from a wide range of industries including CD-ROM manufacturers, Interactive TV, mobile communications, and audio/video streaming -- all interested in bringing synchronized multimedia to the Web. A recent initiative includes bringing SMIL content into the hands of the mobile user via PDAs and even cell phones. For example, the SMIL 2.0 Recommendation includes a simplified version of SMIL targeted for mobile devices. Known as the SMIL 2.0 basic profile, it includes features that map to the limitations of hand-held devices. This is an exciting development for educators, because it opens the door to the reuse of those same multimedia chunks used in the creation of desktop multimedia presentations..." See: (1) W3C Synchronized Multimedia website; (2) Charter for the W3C Timed Text Working Group; (3) "Synchronized Multimedia Integration Language (SMIL)."

[March 03, 2003] "The Need for Digital Archiving Standards." By Michael Looney (Adobe Systems Inc). In Syllabus Volume 16, Number 8 (March 2003). "The job of digitally storing and sharing that content is increasingly complicated. The Web, as just one example, is the largest living document ever created. At four billion public pages (and another 550 billion pages accessible via the 'deep Web'), it is 55 times larger than the entire contents of the Library of Congress. Only 10 years old, the Web already is a fundamental resource for students and faculty, who find they are moving from a print-based world to one saturated with ever-changing digital content. The Web adds seven million new pages every day, but on average those pages disappear in 44 days... While organizations like RLG work to define digital archiving standards, certain technologies are likely to find themselves at the forefront of the debate. Their prominence suggests that they will play at least some role as standards evolve. One of these technologies is XML (eXtensible Markup Language), which is becoming vastly popular for many applications. XML allows information to quickly come together from various locations to form a Web document that can be easily read, and features an advanced approach to tagging content so that its components appear in their logical order once they reach their destination. XML appears to be an excellent candidate for supplying the technical backbone of a digital indexing system. 'XML schema language can provide the universal structure that allows any school to look at technical metadata,' explains RLG's Proffitt. Maintaining accurate page format of the paper document, however, is not among XML's many strengths. This doesn't matter if a student is reading the text of Dr. Martin Luther King Jr.'s historic 'I Have a Dream' speech. But XML is at a disadvantage when a student must view an original document. While XML excels at transporting information, PDF excels at displaying visually rich information. PDF preserves the pagination integrity of original documents, even when they are viewed on PDAs or next-generation wireless phones. Digital archiving is a marriage of data and documents. The two must live together, and for a very long time. Adobe's recent development around PDF recognizes this. Acrobat 5.0 exports XML along with PDF, resulting in an XML-tagged document that retains its pagination no matter how it is reviewed a subset of PDF -- PDF/A, with the 'A' standing for archive -- is being developed for archiving and preserving digital documents. PDF/A -- a joint initiative by the Association for Suppliers of Printing, Publishing and Converting Technologies (NPES) and the Association for Information and Image Management, International (AIIM) -- will address the growing need to electronically archive documents to ensure preservation of their contents over an extended period of time. PDF/A will also ensure that those documents can be retrieved and rendered with a consistent and predictable result far into the future..." PDF/A metadata would use XMP; see "Extensible Metadata Platform (XMP)." Further information on PDF/A is available from AIIM; see also the draft of 2003-02-21.

[March 03, 2003] "HP Sets Stage for Web Services." By Martin LaMonica. In CNET News.com (March 03, 2003). "Hewlett-Packard CEO Carly Fiorina on Monday underscored the company's alliance with BEA Systems and detailed HP's latest Web services management initiatives... HP and BEA are also committed to driving the business adoption of Web services, which is software that eases the exchange of data between different information technology systems. For HP's part, Fiorina detailed a series of investments that the tech giant intends to make around Web services management, including a contribution to standards bodies that involves BEA... Palo Alto, Calif.-based HP has created a dedicated Web services management organization within its software business. The new unit has built a "Web service management engine" that will work with HP's OpenView network management software. The components will allow an IT administrator to manage Web services and ensure that they are running well with monitoring and diagnostics tools. The Web services management engine, which will be an add-on to OpenView, is targeted for initial release around the middle of the year, according to Al Smith, chief technology officer for Web services management organization with HP's OpenView group. On the standards front, HP said it is working with BEA, Tibco, WebMethods and Iona Technologies to contribute a Web services management specification to a distributed management working group within the Organization for the Advancement of Structured Information Standards, or OASIS. The submission is designed to give businesses a standard method for modeling a Web services application and for designing the interactions between different Web services. The submitted standard would let application developers incorporate management services such as authentication and quality of service as they build applications, HP's Smith explained. Programming tool companies, such as BEA, are expected to add those capabilities into their products..." See HP's announcement and "OASIS Technical Committee Addresses Management of Web Services."

Earlier articles... February 2003

[February 28, 2003] "Requirements for Format for Incident Report Exchange (FINE)." By Yuri Demchenko (NLnet Labs), Hiroyuki Ohno (WIDE Project, Japan), and Glenn Mansfield Keeni (Cyber Solutions Inc.). IETF Network Working Group, Internet Draft. Reference: 'draft-ietf-inch-requirements-00.txt.' Category: Informational. February 2003, expires August 2003. "The purpose of the Format for INcident report Exchange (FINE) is to facilitate the exchange of incident information and statistics among responsible Computer Security Incident Response Teams (CSIRTs) and involved parties for reactionary analysis of current intruder activity and proactive identification of trends that can lead to incident prevention. A common and well-defined format will help in exchanging, retrieving and archiving Incident Reports across organizations, regions and countries... Computer security incidents occur across administrative domains often spanning different organizations and national borders. Therefore, the exchange of incident information and statistics among involved parties and the responsible Computer Security Incident Response Teams (CSIRTs) is crucial for both reactionary analysis of current intruder activity and proactive identification of trends that can lead to incident prevention. In the following we refer to the information pertaining to an incident as an Incident Report. Actually Incident Report created and handled by CSIRT may have internal proprietary format that is adopted to local Incident handling procedure and used Incident Handling System (IHS). It is intended that exchange of Incident information will be conducted in a common format referred in this document as Format for INcident report Exchange (FINE). This document defines the high-level functional requirements to the FINE intended to facilitate collaboration between CSIRTs and parties involved when handling computer security incidents." Related references: (1) IETF Incident Object Description and Exchange Format (IODEF); (2) "Incident Object Description and Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition"; (3) IETF Extended Incident Handling Working Group.

[February 28, 2003] "Web Services Security, Part 1. Securing Web Services." By Gopalakrishnan U and Rajesh Kumar Ravi (IBM India Software Labs). From IBM DeveloperWorks, Web Services. February 25, 2003. ['This article introduces various aspects of the Web Services Security Framework and provides step-by-step guidelines on how to write and deploy secure Web services applications using HTTP as the transport vehicle. This article explains three methods to secure Web services applications, namely, HTTP basic authorization, secure socket layer (SSL) over HTTP (HTTPS), and a hybrid of HTTP basic authorization with HTTPS. The second article in this series will provide an introduction to the WS-Security model and how you can use it to secure your Web services applications.'] "e-business relies on the exchange of information between business partners over a network. In such a setup, as the information/data travels from the source to the destination, there is always the risk of the data being stolen or modified. The same security risks are applicable to Web services transactions. In Web services transactions using SOAP, the data are passed between the service invoker and service provider as plain XML, so anyone who intercepts the messages can read the data that are exchanged. In the Web services scenario the security aspect is more complicated because: Soap messages can be sent using different transport applications or protocols like HTTP, SMTP, etc., which might have a very high security model to no security model at all. Hence, there is a need for a comprehensive security framework for Web services applications, which is common to all types of transport protocols. There could be legitimate intermediaries that might need to access a part or whole of the SOAP message, and even modify the message. Thus the security model must be comprehensive enough to allow such intermediaries. This article will introduce the various aspects of Web services security and will provide step-by-step guidelines on how to write and deploy secure Web services applications with existing technologies... The security methods discussed provide simple, but effective, solutions to secure your Web services transactions over HTTP. However, a word of caution. As the complexity of Web services transactions increases, these methods may become unsuitable. Consider, for example, that the methods discussed above would be unsuitable if the same SOAP messages were exchanged using SMTP (Simple Mail Transfer Protocol). Similarly, the solutions presented above might not be applicable if there were legitimate intermediaries present. In order to address these issues, a comprehensive WS-Security specification is being developed and standardized. The second article in this series will introduce the WS-Security specification and provide a detailed account of how it can be used to take the security of your Web services applications to the next level..." Related references at "Security, Privacy, and Personalization."

[February 28, 2003] "WS-I Announces Board Nominations." By Darryl K. Taft. In eWEEK (February 26, 2003). "The Web Services Interoperability Organization (WS-I) Wednesday announced the nominations for two openings on the organization's board of directors. WS-I officials said representatives from Cape Clear Software Inc., Nokia Corp., SeeBeyond Technology Corp., Sun Microsystems Inc., VeriSign Inc. and webMethods Inc. have been nominated for election to the organization's board of directors. The limited number of nominees means a better possibility for Sun to join the board, where many -- including company insiders -- have, since the inception of WS-I a year ago, said Sun rightfully belongs. Sun cleared the way for joining WS-I in October after much wrangling, finger pointing and murmuring regarding Sun's role as an innovator in the world of Web services. WS-I officials said elections will be held in mid-March, with the results being announced March 28 and the new directors beginning their one- to two-year terms on April 1, 2003. A WS-I spokeswoman explained that the newly elected board members would have tenure of one or two years. The usual term for an elected board member is two years, and founding members such as IBM Corp. and Microsoft Corp. are permanently in position. 'The basic story is that there will be two directors elected,' a WS-I spokeswoman said. 'The one with the fewer votes during the March election receives a 12-month term. The one with the most votes receives the standard 24-month term. The usual term for an elected director is 24 months. This start up aberration is in place so that we can establish a staggered election schedule were one director position is filled each year.' The nominated companies and individuals are: Jorgen Thelin, chief scientist at Cape Clear; Juhani Murto, senior manager of Web services architecture at Nokia; Ugo Corda, principal standards analyst at SeeBeyond; Mark Hapner, distinguished engineer and chief Web services strategist at Sun; Sundar Krishnamurthy, a product manager at VeriSign; and Andy Astor, vice president of Enterprise Web Services at webMethods..." "Web Services Interoperability Organization (WS-I)."

[February 27, 2003] "Topic Map Constraint Language Requirements." By Graham Moore and Mary Nishikawa. 2003-02-23. ISO/IEC JTC 1/SC34 N0xxx. Work product from ISO/IEC JTC 1/SC34 Information Technology -- Document Description and Processing Languages. Reference posted to the 'sc34wg3@isotopicmaps.org' mailing list on 2003-02-28 by Mary Nishikawa with Subject "TMCL Requirements Draft for Review." Supersedes the earlier document "Draft requirements, examples, and a 'low bar' proposal for Topic Map Constraint Language (TMCL)" ISO/IEC JTC 1/SC34 N226, 2001-05-24. This is the first public working draft for TMCL Requirements. "The Topic Map Constraint Language (TMCL) will provide a means to express constraints over and above the constraints currently defined by the Standard Application Model (Data Model for Topic Maps). Its goal will be to provide a language such that a topic map can be said to be conforming within a topic map or within a class of topic maps. It may help optimization both of topic map storage and of TMQL queries based on schema information. It may provide more intuitive user interfaces for creating and maintaining topic maps. This document will define the requirements that we expect the language will provide. TMCL is to be developed by ISO/JTC SC34 WG3 and this requirements document is for members of the committee and implementers who have expressed an interest in the development of a Topic Map Constraint Language... TMCL must define a standard way to explicitly indicate how topic map constructs are to be constrained. It should specify the topic characteristics a topic will have and the kinds of structures an association will have. TMCL shall be specified in terms of SAM (Standard Application Model for Topic Maps), a data model, and will not be specified on any serialization format for topic maps. This will automatically allow it to support both XTM & HyTM s well as LTM and AsTMa=, since these all have mappings to SAM..." Related references: (1) The Topic Map Constraint Language website; (2) Topic Map Constraint Language mailing list 'tmcl-wg'; (3) "Guide to the Topic Map Standardization; (4) "ISO SC34 Publishes Draft Reference Model for Topic Maps (RM4TM)"; (5) general references in "(XML) Topic Maps."

[February 27, 2003] "XML Puts Content In Play. Merrill Lynch, Aliant Telecommunications and the U.S. Navy are Among the Innovators Moving Extensible Markup Language from Concept to Reality." By Bill Trippe. In Transform Magazine (March 2003). "XML emerged in the late 1990s as the all-purpose solution to your technology woes. Have a content management problem? XML will solve it. Have an application integration problem? XML to the rescue! Have a legacy system you need to get to the Web? Three guesses as to what will solve your problem, and the first two don't count. In other words, XML has been overhyped. At the same time, it seems to be everywhere. Developers love it, and many now see it as an essential tool in their programming toolkits. Vendors are all over it, and it is core to strategies from the likes of Microsoft, Sun, Oracle and IBM. Moreover, the standards community is replete with XML-based initiatives. Clearly, there is some reality to XML that lies between information nirvana and nothing. Many organizations have actually put XML to work, and have learned valuable lessons on effective approaches and pitfalls to avoid. This article profiles four organizations that are successfully using XML in core business areas. These organizations represent both industry and government, and they're tackling applications ranging from content management to government compliance to billing and reporting. Some of the applications are departmental while others are enterprisewide. While the details of the customer's requirements and solutions differ, they share some characteristics: (1) All of the applications involved customer-facing Web sites or integration with Web-based content and applications; (2) Legacy systems needed to be preserved -- sometimes for the long run and sometimes just so the project could proceed quickly... The reality for these organizations was that business problems needed to be solved quickly against a backdrop of heterogeneous platforms, legacy systems and a growing audience of users only a browser away. While XML never solved the whole problem, it always emerged as a key element in the solution -- sometimes as source format, sometimes as a format for interchange. In every case, XML helped solve a practical business problem and wasn't used just because it was the fashionable choice. All the hype around XML is clouding the real success of the technology, which is often practical and powerful, yet, frankly, mundane. As one technologist interviewed for these stories remarked, XML is a means to an end, not the end itself..."

[February 27, 2003] "Oracle Adds Standard to Server Software." By Sandeep Junnarkar. In CNET News.com (February 27, 2003). "Oracle on Thursday said its application server software now supports a popular e-business standard, making it easier for companies to conduct business over the Web. The business software company said its Oracle9i Application Server adopts standards defined by RosettaNet, an electronic business standards consortium. The consortium, which has more than 450 members, including Intel, Cisco Systems, Hewlett-Packard, Oracle, Microsoft and IBM, specializes in Web standards for exchanging data over the Internet using Extensible Markup Language (XML). RosettaNet, which was founded in 1998, recently became a subsidiary of the Uniform Code Council, which develops standards for the retail industry. RosettaNet is one of several organizations defining XML and Web-based standards for electronic commerce applications. Others include the Organization for the Advancement of Structured Information Standards, or OASIS, along with the World Wide Web Consortium and the Web Services Interoperability Organization..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software." General references: "RosettaNet."

[February 26, 2003] "XML Matters: Kicking back with RELAX NG, Part 1. Doing Better Than the W3C XML Schema." By David Mertz, Ph.D. (Idempotentate, Gnosis Software, Inc). From IBM developerWorks, XML zone. February 2003. ['RELAX NG schemas provide a more powerful, more concise, and semantically more straightforward means of describing classes of valid XML instances than do W3C XML Schemas. The virtue of RELAX NG is that it extends the well-proven semantics of DTDs while allowing orthogonally extensible datatypes and easy composition of related instance models. David Mertz takes a first look at RELAX NG in this, the first installment of a three-part series.'] "I have long been wary of W3C XML Schemas, and to some extent of XML itself. A jumble of companies and groups with divergent interests and backgrounds cobbled together the W3C XML Schema specification by throwing in a little bit of everything each party wanted, creating a typical committee-designed, difficult-to-understand standard. In fact, I have so many reservations that I generally recommend sticking with DTDs for validation needs, and filling any gaps strictly at an application level. About a month ago, however, I started taking a serious look at RELAX NG. Like many readers, I had heard of this alternative schema language previously, but I had assumed that RELAX NG would be pretty much more of the same, with slightly different spellings. How wrong I was. RELAX NG is simply better than either W3C XML Schemas or DTDs in nearly every way! In fact, RELAX NG's ability to support unordered (or semi-ordered) content models answers most of my prior concerns about the mismatch between the semantic models of OOP datatypes and the linearity of XML elements. This article is the first of three XML Matters installments that discuss RELAX NG. This installment will look at the general semantics of RELAX NG, and touch on datatyping. The second installment will look at tools and libraries for working with RELAX NG. The final installment will discuss the RELAX NG compact syntax in more detail... The semantics of RELAX NG are enormously straightforward -- in this respect, they are a natural extension of DTD semantics. What a RELAX NG schema describes is patterns that consist of quantifications, orderings, and alternations. In addition, RELAX NG introduces a pattern for unordered collection, which neither DTDs nor W3C XML Schemas support (SGML does, but less flexibly than RELAX NG). Moreover, RELAX NG treats elements and attributes in an almost uniform manner. Element/attribute uniformity corresponds much better with the conceptual space of XML than does the rigid separation in both DTDs and W3C XML Schemas. In actual design, the choice between use of an attribute and an element body is frequently underdetermined by design considerations and/or is contextually sensitive..." Also in PDF format. General references in "RELAX NG."

[February 26, 2003] "Relax NG." By Eric van der Vlist. Website for the online book. 2002-2003. Work in progress, with substantial content as of 2003-02-26. "Relax NG is a book in progress written by Eric van der Vlist for O'Reilly and submitted to an open review process. The result of this work will be freely available on the World Wide Web under a Free Documentation Licence (FDL). The subject of this book, Relax NG (http://relaxng.org), is a XML schema language developped by the OASIS RELAX NG Technical Committee and recently accepted as Draft International Standard 19757-2 by the Document Description and Processing Languages subcommittee (DSDL) of the ISO/IEC Joint Technical Committee 1 (ISO/IEC JTC 1/SC 34/WG 1)..." See also: (1) "Document Schema Definition Languages (DSDL)"; (2) general references in "XML Schemas." General references in "RELAX NG."

[February 26, 2003] "Oracle App Server Certified for RosettaNet. Software Meets Standards for Electronic Sharing of Data." By Joris Evers. In InfoWorld (February 26, 2003). "Oracle's 9i Application Server is the first to meet compatibility standards for electronic sharing of business data as set by the RosettaNet consortium, Oracle said Wednesday. Version 9.0.4 of the 9i Application Server Release 2, scheduled to be out in the second quarter of this year, will offer integrated support for RosettaNet, Oracle said in a statement, confirming what it said at the Oracle World event late last year. Besides Oracle, another ten integration software vendors are testing their products in an interoperability testing program set up by Oracle in cooperation with RosettaNet, Oracle said. The RosettaNet protocol is based on XML (Extensible Markup Language) and is intended to allow companies to electronically link with suppliers and customers without the need to set up EDI (electronic data interchange) links, thereby reducing costs, resources and implementation time..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software." General references: "RosettaNet."

[February 26, 2003] "RosettaNet Members Trumpet Interoperability." By Clint Boulton. In InternetNews.com (February 26, 2003). "Led by Oracle, members of the RosettaNet consortium have announced the successful completion of software interoperability tests. RosettaNet is a non-profit organization whose goal is to implement standards for supply-chain transactions on the Internet. Supported along with Oracle by such members as Microsoft, IBM and Intel, it hashes out business-to-business (B2B) compatibility standards that many high technology outfits are keen on adopting... Creating interoperability among RosettaNet members helps connect RosettaNet trading partners to reduce costs and deployment time. The news is indicative of the importance software infrastructure concerns are placing on established and emerging standards, which many in the industry believe will help companies get on the same page in terms of interoperability. Oracle scored an industry first Wednesday when its flagship Oracle9i Application Server was certified for implementations... webMethods said it is among the first RosettaNet solution providers and partners to successfully complete the RosettaNet Interoperability and RosettaNet Compliance Badge Programs, the latter of which gives customers an additional layer of confidence that the solution providers are fully compliant according to published RosettaNet Implementation Framework (RNIF) 2.0 and or specific Partner Interface Processes. Sterling Commerce has proven its ability to transmit business data and communicate with other companies using the RosettaNet Implementation Framework (RNIF) version 2.0. Tibco completed the RosettaNet Software Interoperability Trials and Vitria's Vitria's BusinessWare for RosettaNet 3.2 was found to support interoperability requirements as identified in the test plan..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software."

[February 26, 2003] "OASIS Takes On Reliability Spec for Web Services." By John Fontana. In Network World (February 26, 2003). "The Organization for the Advancement of Structured Information Standards (OASIS) on Wednesday said it is forming a Web Services Reliable Messaging (WS-RM) technical committee that will develop a specification to guarantee the delivery of messages between applications, especially those executing business transactions. WS-RM will include three types of delivery: guaranteed delivery, which means the message is delivered at least once; duplication elimination, which ensures the message is delivered at most once; and message delivery sequencing, which determines the order in which messages are delivered. Eventually, the specification will be integrated with Web Services Description Language (WSDL), which is used to describe how a Web service operates and would signal that an application has a reliable delivery capability. Besides the original companies that drafted the foundation specification in January, the WS-RM technical committee also includes Commerce One, Cyclone Commerce, IONA, SAP, See Beyond, webMethods and WRQ. Not part of the group, however, is BEA Systems, which is preparing to release a proprietary reliable messaging technology for Web services as part of an upgrade to its WebLogic Platform. Also missing initially are powerhouses IBM and Microsoft, which have been major players in crafting Web services standards. IBM has created a similar reliable messaging specification called HTTP-Reliable. HTTP is the transport mechanism for SOAP, and the IBM specification enhances HTTP to ensure that a sender is returned a response of 'undeliverable' if their message did not reach its destination. While the IBM specification is bound to HTTP, the WS-RM proposal allows for the use of any transport mechanism that can be bound to SOAP... The WS-RM work will dovetail with other Web services standard work, including OASIS groups working on Web Services-Security and Security Assertion Markup Language, which was recently approved as a standard. The WS-RM committee plans to take input from the World Wide Web Consortium's Web Services Architecture Working Group..." See details in "OASIS Members Form Technical Committee for Web Services Reliable Messaging." General references in "Reliable Messaging."

[February 26, 2003] "OASIS Eyes Web Services Messaging. IBM, Microsoft Not Behind Spec Yet." By Paul Krill. In InfoWorld (February 26, 2003). "OASIS will develop a generic model for ensuring reliable message delivery for Web services, but the initiative lacks the support thus far of industry stalwarts IBM and Microsoft... The newly formed OASIS Web Services Reliable Messaging (WS-RM) Technical Committee plans to establish a standard, interoperable way of achieving reliability at the SOAP messaging level and potentially with other messaging protocols. OASIS announced the effort on Wednesday. The WS-Reliability specification, from Sun Microsystems, Oracle, Fujitsu and others, will be submitted as input for the WS-RM Technical Committee and other contributions are welcome, OASIS said. Microsoft and IBM, however, are declining to participate in the OASIS effort for the time being, which raises questions on how successful an industry standards effort can be without their participation. Microsoft and IBM Wednesday released prepared statements about OASIS's announcement. 'Microsoft continues to view the ongoing community work in the area of Web services as important, but has decided not to join this OASIS technical committee,' the company said, declining to elaborate on its reasons. IBM released a prepared statement attributed to Steve Holbrook, program director, IBM emerging e-business standards: 'While IBM is not joining the effort at the beginning, we are confident that the industry will unite around a common standard, and we will be active participants. IBM was influential in many of the constructs of WS-Reliability based on our early work on ebXML. 'History shows that many companies provide input to important standards, resulting in a functionally-rich specification that satisfies the industry. We think that the final standard for message reliability will be based partially on WS-Reliability, and we expect that this standard will evolve to correlate with several other Web services specifications underway.' Sun officials last week challenged IBM and Microsoft to adopt a royalty-free stance on emerging Web services standards. Sun intends to promote this stance as it seeks a seat on the Web Services Interoperability Organization (WS-I) Board of Directors. Sun's Mark Hapner, distinguished engineer and chief Web services strategist, would hold that seat... Interoperability, ease of implementation and ease of use are fundamental goals of the OASIS messaging effort, according to WS-RM Technical Committee chairman Tom Rutt, of Fujitsu, in a prepared statement... The OASIS Reliable Messaging specification will address message persistence, acknowledgement and resending, elimination of duplicate messages, ordered delivery and delivery status awareness for sender and receiver applications. WSDL definitions will be provided for reliable messaging. Message formats will be specified as SOAP headers and/or body content..." See details in "OASIS Members Form Technical Committee for Web Services Reliable Messaging." General references in "Reliable Messaging."

[February 26, 2003] "Providing a Value Set For Use in UDDI Version 3." Edited by Claus von Riegen (SAP). With contributions from Tom Bellwood (IBM). TC Technical Note produced by the UDDI Specification Technical Committee. Document identifier: uddi-spec-tc-tn-valuesetprovider-20030212. Abstract: "Through the use of value sets in UDDI registries, businesses are able to find each other and the services that meet their needs. This document provides guidelines for providers of value sets on how to model, register, and validate their value sets for use in UDDI Version 3." Topic: "In UDDI, a value set represents a set of values that can be used to provide meaning or context to a UDDI entity. Category, identifier, and relationship type systems are all value sets. Value sets play an important role within UDDI, because it is through their use that businesses are able to find each other and the services that meet their needs.... This paper guides the providers of value sets in the creation of value set services and in the registration of the value sets and these external value set services, following the recommended policies outlined in Chapter 9 of the UDDI Version 3 Specification..." Note: A 2003-02-24 posting from Tom Bellwood and Luc Clément (Co-chairs, OASIS UDDI Specification TC) reported that this document had been approved as a UDDI Spec TC Technical Note. General references in "Universal Description, Discovery, and Integration (UDDI)."

[February 26, 2003] "Rights Management? Or Restriction? Don't Be Fooled. Windows Rights Management Isn't About Safeguarding Your Rights." By Mary Jo Foley. In Ziff Davis Microsoft Watch (February 25, 2003). "If you were to go by the majority of headlines last week, you might be fooled. Press reports crowed: 'Microsoft Boosts Rights Management' - 'Microsoft Adds Rights Management Protection for the Enterprise' - 'Microsoft to Release Document Protection Software.' Windows Rights Management: It's a good thing. Isn't it? If you are a big company or organization with lots of correspondence and documents you want to keep secret, Windows RM is, indeed, a blessing. If you are a whistleblower, a journalist, a lawyer, a cop -- or anyone who has the audacity to want to use software other than Microsoft Windows or Office -- you should be very afraid... To me, RM, first and foremost, is an attempt by Microsoft to further lock customers in by requiring them to use Windows clients, Windows servers, Microsoft Office and Internet Explorer in order to create and consume documents. RM has another benefit, which I am not the first to note: It will eliminate the e-mail and document trails that hurt Microsoft in antitrust court..." See details in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)."

[February 25, 2003] "Design XML Schemas Using UML. Translating Business Concepts Into XML Vocabularies." By Ayesha Malik (Senior Consultant, Object Machines). From IBM developerWorks, XML zone. February 2003. '[Unified Modeling Language (UML) is an industry standard that is used in modeling business concepts when building software systems in an object-oriented manner. Recently, XML has gained ground in becoming a key enabler of these systems in terms of transport of information and commands. XML schemas, which are used to define and constrain the nature of XML exchanged, have consequently come into the limelight. This article discusses the use of UML in designing XML schemas and gives a hands-on approach for using the UML framework to create your XML vocabularies.'] "When using the UML framework for constructing XML schemas, you must consider three issues: (1) The complementarities between UML and XML schemas; (2) How to extend UML to capture all the functionalities provided by schemas; (3) The ability to engineer XML schemas from UML diagrams... Many large conglomerates -- such as SWIFT, which provides the electronic infrastructure for trading and settlement for 7,000 financial institutions around the world -- are using UML-to-XML schema conversion to design their XML documents. UML represents the easiest way of modeling business concepts, especially when they are domain-specific. It is natural to want to extrapolate and automate the process so that the transformation is clean and complete. For this purpose, I have discussed the use of XMI and the ability of products such as hyperModel to generate the XML schema from the XMI describing the UML meta model. However, the reader is cautioned to always refine and double-check the validity of the model. Even though the ability to completely map UML to XML schemas has not yet been perfected, UML is a good way to start the modeling of XML schemas in an object-oriented manner. If the trend towards creating tools -- both open source and vendor managed -- for automatic generation of XML schemas continues, UML class diagrams might become a standard way of incorporating business concepts into XML vocabulary. As XML becomes intrinsic to all parts of a software system -- from data exchange to Web services messages to description of build scripts -- a clean, concise way of modeling XML schemas becomes imperative. UML is a tried and tested modeling tool for object-oriented systems, and it is attractive for developers, business analysts, and vendors as a medium for designing XML schemas. I believe we will see increasing use of UML as industries and consumers begin to develop their ontologies and services using XML..." Related references: (1) "UML 2.0 Vote Highlights Upcoming OMG Standards Meeting. Orlando, FL, USA, March 24-28, 2003."; (2) "Mapping Between UML and XSD"; (3) "Conceptual Modeling and Markup Languages."

[February 25, 2003] "UDDI Finds a Role After All." By Keith Rodgers. From LooselyCoupled.com. (February 20, 2003). "Two years after the fanfare of its introduction, UDDI adoption levels remain low. But users are beginning to see UDDI directories filling a practical role: adoption of UDDI is growing among web services pioneers; directory capabilities become more critical as the volume of services increases; but UDDI's origins have left design challenges; most users will acquire UDDI as a component of their web services platform... The latest specification of UDDI, version 3, has moved on from its B2B origins, adding features designed to meet users' needs for private registries. These include, for example, procedures for putting security keys into requests, or for enabling information transfer from one private registry to another. That said, the twists and turns in UDDI's evolution have also influenced its design and left some technical oddities. UDDI defines three registry components, which in layman's terms are akin to the Yellow Pages phone book -- or more precisely, to the trio of white, yellow and green pages. The white pages list companies' contact details and the key services they provide; the yellow pages categorize businesses using agreed taxonomies, including where they operate; and the green pages provide the technical data other companies need in order to take advantage of the services on offer. These three components will become useful to various individuals when organizations start to run between 20 to 50 services, suggests Mukund Balasubramanian, founder and chief technology officer of Infravio. Developers, for example, will require information about services as they're built -- what resources went in, what configurations were used and so forth. System administrators will want to look at the services from the perspective of how they were deployed -- which servers they're running on, for example, and what the loads are. The business user taxonomy, meanwhile, will help end users find the services they need... Increasingly, the question of how and when to adopt UDDI will be taken by the vendors rather than their customers. A private UDDI registry is already built into the latest release of IBM's WebSphere web service platform, and other vendors are not far behind. This may save organizations the trouble of getting their heads round what UDDI is or why it's important, but it will leave questions such as managing service quality and the degree of interoperability with other platforms unresolved. Ironically, those were the very same problems that stopped enterprises from eagerly adopting the B2B hubs of the dot-com boom. UDDI may have secured its place in the web services firmament by sidestepping such issues, but customers won't find it so easy to avoid facing up to them..." See "Universal Description, Discovery, and Integration (UDDI)."

[February 25, 2003] "XACML -- A No-Nonsense Developer's Guide." By Vance McCarthy. In Enterprise Developer News (February 24, 2003). "Earlier this month, OASIS adopted XACML 1.0 as its first cut at an open standard to help developers build interoperable access controls security for XML documents and end-to-end transactions. In general, XACML (the Extensible Access Control Markup Language) describes two key areas for security -- an access control policy language and a request/response language for two-way communications. At the root of XACML is a concern with access policies -- what XACML refers to as a Policy or a PolicySet. When XACML refers to 'policy,' it specifically means Authorization (AuthN) Policy. Each XACML policy document contains exactly one Policy or PolicySet root XML tag. A PolicySet is a container that can hold other Policies or PolicySets, as well as references to policies found in remote locations. A Policy represents a single access-control policy, expressed through a set of Rules. [Said OASIS XACML committee co-chair Hal Lockhart:] XACML defines and describes 'layering' between XML entities to clearly distinguish between security technologies that: (1) Create policy; (2) Collect the data required for policy evaluation; (3) Evaluate policy; and (4) Enforce policy. Why be so granular? One key answer is to enable interoperability for access control approaches, Lockhart said. 'While deployed systems may combine two or more of these into a single entity, the architecture maximizes flexibility. For example, a management tool from one vendor could generate policies that are evaluated by a product from another vendor,' he said. One early reaction from a web services software firm was also bullish on the opportunities for simplicity that XACML might provide. 'The XACML standard specifies how policies for information access can be communicated between systems in an XML format. Such a description can allow an application built by a developer to automatically discover the security policies in force to access the resource,' said Mukund Balasubramanian, CTO at Infravio, a provider of web services management and security software in Redwood City, California..." General references in "Extensible Access Control Markup Language (XACML)."

[February 25, 2003] "Let the Mobile Games Begin, Part 1. A Comparison of the Philosophies, Approaches, and Features of J2ME and the Upcoming .Net CF. [Wireless Java.]" By Michael Juntao Yuan. In JavaWorld (February 21, 2003). "Java 2 Platform, Micro Edition (J2ME) is by far the most advanced and successful mobile application platform available today. However, with mobile commerce growing into a multibillion-dollar industry, serious competition is on the horizon from Microsoft. Microsoft's latest mobile commerce offering is the .Net Compact Framework (.Net CF). What exactly is .Net CF? How does it measure up to J2ME? As Java developers, what can we learn from it to better compete? In this two-part series, Michael Juntao Yuan presents an objective and comprehensive comparison between the two platforms. If you work in a predominantly Microsoft shop, the .Net CF and Visual Studio .Net tools will definitely help you port enterprise applications to mobile devices. .Net CF leverages the large community of existing Windows developers and helps companies lower development costs. However, if you are in a heterogeneous environment or need a real pervasive solution that works on low-end devices, J2ME is the hands-down winner. In the enterprise world, important J2ME vendors opt for service gateway-based application paradigms, while .Net CF is still too young for any significant third-party mobile middleware to emerge..."

[February 25, 2003] "Ixiasoft Boosting XML Content Searching. Link with Microsoft Content Management Server Offered." By Paul Krill. In InfoWorld (February 25, 2003). "Ixiaosoft is integrating its XML searching capabilities into Microsoft Content Management Server 2002, Ixiasoft officials are announcing this month. The company also is announcing an upgraded version of its Textml Server content server, featuring WebDAV support. A beta version of the Ixiasoft Integration Kit for Microsoft Content Management Server is available now, with general release anticipated later this month. The integration enables Content Manager Server developers and integrators to deploy sites that take advantage of the IxiasoftTextml Server XML search technology. Textml Server is an XML content server designed to store, index, and retrieve XML content. It is an embeddable XML server for original equipment manufacturers and developers of document-centric XML applications, such as documentation management systems, wireless content publishing, and enterprise portals. The integration kit consists of .Net Composite Controls that can be dragged and dropped from the Visual Studio .Net toolbox into a Content Management Server 2002 site under development. Developers can provide search and sort capabilities on postings based on the content of placeholders, properties, and custom properties, according to Ixiasoft. Ixiasoft this Thursday will ship Version 2.3 of Textml Server, which features XML Name Space support. This functionality provides for a simple method for qualifying element and attribute names used in XML documents by associating them with namespaces identified by URI references, according to Ixiasoft. Also featured in Version 2.3 are a WebDAV (Web-based Distributed Authoring and Versioning) client and server. WebDAV provides extensions to HTTP to boost the exchange of documents over the Web... XMP (Adobe's eXtensible Metadata Platform) also is supported, designed to enable XML metadata to be embedded within application files, such as a PDF file..." See also: (1) "WEBDAV (Extensions for Distributed Authoring and Versioning on the World Wide Web"; (2) "Extensible Metadata Platform (XMP)."

[February 24, 2003] "A Conversation with Adam Bosworth." By Marshall Kirk McKusick (Queue) and Adam Bosworth (Chief Architect and Senior Vice President of Advanced Development, BEA Systems). In ACM Queue Volume 1, Number 1 (March 2003), pages 12-21. ['Bosworth is directly involved in shaping the future of Web Services... to press Bosworth for insights into the possibilities and hazards he sees ahead, Queue asked Marshall Kirk McKusick -- former head of the UC Berkeley Computer Systems Research Group (CSRG) -- to fire off a few questions regarding his greatest Web Services concerns. Besides overseeing the development and release of 4.3BSD and 4.4BSD, McKusick is also renowned for his work on virtual memory systems and fast file system performance.'] Excerpts: "XML gives you a coarse-grain solution that allows for communication efficiency. SOAP and WSDL, meanwhile, give you the loose coupling you need. But that's only true if when you change your implementation, you make sure none of your XML messages are changed, because that's where your public contract is established. Imagine, for example, that I changed my Web site such that it no longer used the HTML format. Let's say it did WML instead. My browser wouldn't end up being such a happy camper if I did that, would it? And in the same way, if I were to change an application such that it didn't do a particular grammar of XML anymore, the other applications I have to communicate with would suddenly get very unhappy. So it's critical that the thing in charge here is the WSDL and not the code... I bring that up simply because a lot of people building so-called Web Service solutions do it just exactly the other way around. They have you build your code and then they auto-generate the XML messages from a description of that code. But, sooner or later, the code is going to change. And when it does, all those auto-generated XML descriptions are going to start breaking things... Another challenge has to do with language. We don't have a good language today for dealing with XML and that's a real problem. We have more and more systems that use XML extensively -- either as metadata that either describes what to do or simply transmits data from one application to another. The first step in any of these exchanges is called 'binding,' which involves some tricky processing to turn the XML back into data structures the programming languages themselves can understand. So if you send me a purchase order in XML, the first thing I'll have to do is tell you how to turn it into a purchase order object. Now, we've already invested a lot of work into ways of handling that here at BEA and we think we've done a pretty good job. But ideally, you shouldn't have to do any of that at all. What you'd really like is for the language to be able to understand the XML document and extract the necessary information itself. In fact, ideally, the language would do even more than that. Because these messages are self-describing, you should also be able to query your own data structures. If someone sends you an XML document, you may want to query it to find out what things you want. And we don't support that today because languages aren't used to thinking about their own data structures as query-able objects. So I think the changes that are going to be driven by Web Services will result in a major language extension. And that will give us a language that not only understands the idea of self-describing documents but also actually is capable of querying them and treating them as data structures... ideally, from our point of view, we'd like to see this come about as an extension to Java... The biggest change I see is that we're moving away from a data-centric world to a message-centric world. Throughout the 90s, we witnessed the triumph of client/server computing. We also saw a vast number of changes in programming that made it easier to talk to databases. So a lot of that was about writing data-centric applications. And that's the classic two-tier model. But now we're moving to an n-tier model. And with an n-tier model, the real problems have to do with exposing too many specifics to systems outside your immediate family. Because when you do that, you break. Over the next 10 years, we're going to move toward communications that are message-oriented, with systems talking to each other through public contracts in asynchronous ways. After that, I think a lot of the changes we'll see will have to do with optimizing that communications scheme. Even today, we have customers asking us to move as many as 500,000 messages a second..."

[February 24, 2003] "An Open Web Services Architecture." By Stans Kleijnen (Vice President of Market Development Engineering, Sun Microsystems) and Srikanth Raju (Staff Engineer/Technology Evangelist, Sun/Microsystems). In ACM Queue Volume 1, Number 1 (March 2003), pages 38-46. Article subsections: Sun ONE: An Open, Standards-based Web Services Framework; Building Web Services with Sun ONE; Phases in Web Service Adoption; ebXML; Different Approaches to Web Services; Wireless Web Services. "The name of the game is web services -- sophisticated network software designed to bring us what we need, when we need it, through any device we choose. We are getting closer to this ideal, as in recent years the client/server model has evolved into web-based computing, which is now evolving into the web services model... we discuss Sun Microsystems' take on web services, specifically Sun ONE: an open, standards-based web services framework; we share with you Sun's decision-making rationales regarding web services, and discuss directions we are moving in... In phase three, the ultimate phase, customers and business partners will find and conduct business dynamically. To reach this phase, two key pieces of technology are required: federated identity services, such as from the Liberty Alliance, and public service registries designed with standards for real-world B2B, such as ebXML. In this phase, expect the completion of a public version of the UDDI registry server, the specification and availability of federated services, and an ebXML roadmap. The goal of the ebXML standardization effort -- which is driven by two UN organizations: The Organization for Advancement of Structured Information Standards (OASIS) and The United Nations Center for Trade Facilitation and Electronic Business (UN/CEFACT), as well as over 2,000 members -- is to build an open marketplace framework in which any business regardless of size can participate in a global electronic marketplace. Some ask why we need yet more standards when we already have SOAP, WSDL, and UDDI. But these standards do not provide all that's necessary for ad-hoc electronic business transactions. The closest to ebXML from the functionality standpoint is the old Electronic Data Interface (EDI), which is too heavy for many smaller business organizations. ebXML standardizes business processes such as purchasing, ordering, shipping, and payment, so they can be performed by machines without manual pre-configuration. It also allows business partners to choose quality of service in their message delivery. Secure and highly reliable message delivery is vital in many business transactions, for example in ordering $500 million worth of Korean merchandise, or executing a buy order of 10,000 Sun Microsystems shares. Basic SOAP does not address these security and reliability requirements. The Sun ONE Platform will soon include an ebXML appliance geared toward small businesses..."

[February 24, 2003] "Web Services: Promises and Compromises." By Ali Arsanjani, Brent Hailpern, Joanne Martin, and Peri Tarr (IBM). In ACM Queue Volume 1, Number 1 (March 2003), pages 48-58. ['What organizational structures will enterprises need to support web services integration with legacy applications or new business processes that span organizational silos?'] "Web services are the latest software craze: the promise of full-fledged application software that needn't be installed on your local computer, but that allow systems running in different environments to interoperate via XML and other web standards. Much of the hoopla surrounding web services revolves around the nirvana of inter-organizational distributed computing, where supply chains can be integrated across continents with applications built from small parts supplied on demand by various vendors. To get to this place, we need to chisel down current methods and build a component-based architecture of large-grained, message aware, enterprise scale, and highly re-configurable enterprise components exposed as web services. The time to start adoption is now, but start within the firewall, inside the enterprise, and work yourself outwards. This wisdom will insulate you from the as yet unresolved security, intellectual property exposure, and performance issues associated with exposing web services outside the enterprise. It also gives you ample time to establish standards and best-practices. Over the past two years, we have contributed to several component-based development and integration (CBDi) projects in the telecommunications, mortgage, financial services, government, and banking sectors. A key success factor in these projects, one of which we will discuss in this article, involved applying CBDi best-practices across the following five web service domains: (1) Organizational, including project management implications and education programs; (2) Methodology, including extending methods to provide full life cycle support for component-based development; (3) Architectural, including best-practices and issues in creating scalable architectures; (4) Technology implementation, which involves mapping a given design onto a technology standard such as Enterprise JavaBeans or .NET. (5) Infrastructure, including development tools, gateway servers, APIs, middleware, and browsers... The current generation of web service infrastructures and tools has the typical problems of early software. Both XML tagging and text representation cause a data size explosion compared with binary representations. XML data must be parsed when it is read into an application, to create the internal data representations. Further complicating performance is the need to read in and parse the tag definition set. Encryption and de-encryption also increase overhead. These performance issues will be addressed as the technology matures, but developers today can expect factors of 10 to 100 slowdown compared to conventional distributed computing operations... Enterprise architectures that capitalize on web service capabilities are evolving rapidly to assimilate assets into a dynamic structure of services on demand. New technologies and methods are maturing to achieve acceptable service level characteristics. One of the best ways to implement web services is to start with a component-based architecture of large-grained enterprise components that expose business process level services as web services. Start within the organization rather than exposing them externally. As you gain project experience and uncover best practices, get ready to migrate to a full service-oriented architecture that externalizes useful business services..."

[February 24, 2003] "The Deliberate Revolution: Transforming Integration With XML Web Services." By Mike Burner (Microsoft). In ACM Queue Volume 1, Number 1 (March 2003), pages 28-37. "The vast investment in Internet infrastructure and telecommunications over the past decade is making the unthinkable eminently achievable. Organizations can now retrieve up-to-the-minute data at run-time from from its canonical source, partners and customers. And where applications have traditionally bound functionality together, it now is practical to access application logic at run-time, from hosted services updated dynamically to keep current with evolving business processes. Parties must now agree on how to represent information, on protocols for retrieving and updating data, and on means of demonstrating the privilege to do so. Such are the necessities that gave birth to XML web services. The architecture of these services attempts to bridge myriad Internet systems, to let organizations ranging from small businesses to multinational enterprises to world governments communicate more effectively using programmatic interfaces to data and processes. Web services have generated much excitement, and vendors are scrambling to depict their platforms as the most compliant, mature, secure, or simply the most likely to crank out swell T-shirts. This article attempts to dive beneath the hype, examining how XML web services differ from existing architectures, and how they might help build customer solutions... Over the next few years, we will experience a groundswell of innovation in two key areas of web services technology. The first will be the definition and publication of XML schemas as the lingua franca of inter-component communications across the Internet. XML is the universal grammar upon which this language is being developed. The second innovation will be the definition of SOAP header elements that extend the power of web service messaging... As the Internet becomes the backbone for data and application integration, common schema for describing our world and our interactions will unblock the flow of information between organizations, and allowing us to communicate with a precision we have never known before. But this shift requires organizations, from small businesses to world governments, to reconsider how data and processes are managed. The software industry, meanwhile, must deliver on technology that allows people to express and manipulate the information that drives our businesses, our societies, and our social interactions. Web services promise to be central to every facet of the transformation..."

[February 24, 2003] "Documentum Adds Collaboration Tools." By David Becker. In CNET News.com (February 23, 2003). "Software maker Documentum, a specialist in content management products [announces] the first products to integrate collaboration software the company recently acquired. The new eRoom Enterprise product will combine Documentum's content management tools -- which catalog, manage and reformat business content ranging from text documents to XML (Extensible Markup Language) data -- with the browser-based collaboration tools made by eRoom, a privately held software maker Documentum acquired late last year. The goal is to allow companies to use content management software as more than just a file clerk, keeping track of various types of content and repurposing them for different formats, said Whitney Tidmarch, vice president of product marketing. By providing a browser-based environment to view and manipulate that content, the eRoom component of the new package allows workers inside and outside the company to make better use of the content being managed. 'Our strategy as a whole has been to continue to broaden the types of content we allow companies to store in a universally accessible place,' Tidmarch said. 'Having an online meeting place or online virtual workplace where this kind of casual interaction can take place is something we haven't had, though. The eRoom software really fills in that part of the picture.' Documentum expects the combination of content management and collaboration tools will especially appeal to workers who have to deal with new corporate rules that govern how documents such as print reports and e-mail messages must be preserved, said Naomi Miller, director of product marketing for Documentum. Combining content management and collaboration tools is a growing trend in the industry, said Nick Wilkoff, an analyst with Forrester Research. But the combination is most valuable to Documentum as a way to introduce existing eRoom customers to the benefits of content management..." See the announcement: "Documentum Delivers eRoom Enterprise. Best-in-Class Collaboration Technology Fully Integrated with Leading Enterprise Content Management Platform."

[February 24, 2003] "Microsoft's Unified App Goals Comes Into View. XML Drives Development of Tools, InfoPath." By Ed Scannell, Mark Jones, and Paul Krill. In InfoWorld (February 24, 2003). "Through its fervent adoption of XML, Microsoft is edging closer to crystallizing its long-held dream of building bridges that foster seamless transport of data between its suite of desktop applications and back-end applications. With the delivery by mid-2003 of its much anticipated and newly named Office 2003 desktop suit, the second beta of which is due in March, the company will have established a vital piece of software that could significantly increase XML adoption across the industry. 'Most vendors are becoming much more XML-friendly and consequently it [XML] is changing the nature of applications vendors business,' said John Jerome, an analyst with The Yankee Group in Boston . 'If Microsoft continues to lace its Office applications with XML, most users will have a more seamless flow of information between the heavy-duty, back-office financial applications and desktop applications like Word and Excel.' Jerome and other industry observers believe that XML is starting to have a game-changing impact on application development and integration. Many think it will positively influence the fundamental economics of implementing enterprise solutions..."

[February 24, 2003] "Standards Emerge From Alphabet Soup." By Renee Boucher Ferguson. In eWEEK (February 24, 2003). Sidebar for Cover Story "Models Link Processes." "An important consideration when deploying BPM software is which standards to follow... There is a growing selection of languages and interfaces out there -- Web Services Choreography Interface, BPML (Business Process Modeling Language), BPEL (Business Process Execution Language), WSFL (Web Services Flow Language) and Xlang -- some of which are backed by competing forces. Once the standards get sorted out, however, these technologies should provide business analysts and software engineers with a view of how business processes perform in business-to-business scenarios. One standard with a lot of momentum is BPEL for Web Services. IBM, Microsoft Corp. and BEA Systems Inc. published BPEL last summer to provide a way to define a process and to define a way a Web service is ordered. IBM, in Armonk, N.Y., has offered two additional standards proposals -- Web Services Transactions and Web Services Coordination. BPEL appears to be the front-runner. The language amounts to the merger of the WSFL and Xlang specifications. Xlang, put forth by Microsoft, reflects the way the Redmond, Wash., company's BizTalk software works, while WSFL focuses on how IBM's MQSeries middleware works. At the same time, two other organizations are putting their combined muscle behind BPML, a metalanguage for the modeling of business processes. They are the Workflow Management Coalition, which counts as members IBM, BEA and Microsoft, as well as Sun Microsystems Inc. and Oracle Corp., and the Business Process Management Initiative..." From "Models Link Processes": "IT managers and line-of-business professionals alike have come to understand that implementing business process management software requires a process modeling step and a process optimization and management step. The former consists of breaking down the tasks of a particular business operation -- both conceptually and graphically -- and creating a model that details where processes touch systems, applications and, increasingly, people. BPM is the technical execution of that model. IT organizations have found that you can't have one without the other. While there's been a lot of process modeling going on for years, process management tools that can execute those models have come to light only over the past 18 to 24 months. These new tools are fundamentally different from previous software offerings in that they combine modeling capabilities with real-time management capabilities. This extends the concept of BPM across, and even outside, an enterprise. The latest wrinkle in BPM technology links the execution layer to a process control layer, which gives companies the ability to monitor and measure processes on the fly... According to Gartner, 55 percent of clients polled said using a BPM engine helped them to automate administrative tasks and reduce costs of transactions or a business event. In the same study, 70 percent said BPM improved coordination across departments or geographies, 70 percent said fewer people were needed to perform business tasks, and 85 percent said they reduced the steps in certain processes. Some 85 percent said they experienced quality improvement, fewer errors, higher productivity per person and a reduction in time to market. In setting up a BPM strategy, organizations can choose software from three constituencies -- pure-play BPM vendors, EAI (enterprise application integration) vendors and ERP developers. Although their software runs at the core of many businesses, enterprise software vendors such as Siebel Systems Inc., SAP AG and Oracle Corp. are the last ones to address BPM. Siebel and SAP have each announced integration infrastructures for defining, implementing, managing and monitoring business processes -- and initiating Web services... Siebel, of San Mateo, Calif., last fall announced its Universal Application Network initiative, which promises to provide prepackaged, industry-specific business processes. SAP, of Waldorf, Germany, is adding a BPM component to its recently unveiled Enterprise Services Architecture for Web services. Later this year, SAP will ship a product that combines an integration broker for XML-based message exchange and its BPM engine that enables the design, execution and monitoring of business processes..."

[February 22, 2003] "Common Alerting Protocol - Alert Message Data Dictionary." Produced by the Common Alerting Protocol (CAP) Technical Working Group. Version 0.7. Draft 2/22/2003. Version 0.7 represents a minor update from version 0.6, incorporating experience from several prototype implementations and field trials, and insights obtained in discussions among the Working Group. "The Common Alerting Protocol is a draft specification of open, nonproprietary, standards-based data formats for the exchange of emergency alerts and related information among emergency agencies and public systems. The CAP will be designed to facilitate the collection and relay of all types of hazard warnings and reports. Development and deployment of a standard such as CAP will yield important benefits for public safety: (1) Warnings to the public will be better coordinated across the wide range of available warning and notification systems (2) Workload on warning issuers will be reduced, since a single warning message will be compatible with all kinds of warning delivery systems. (3) Overall 'situational awareness' will be enhanced, since CAP will permit the aggregation of all kinds of warning messages from all sources for comparison and pattern recognition. The Common Alerting Protocol has been under development since 2001 through the efforts of an international ad-hoc Working Group of technical and public safety experts." A posting of February 22, 2003 from Art Botterell to the CAP mailing list: "I'm hoping this version will offer a point of departure for the OASIS Emergency Management Technical Committee standards process in the near future..." See also the (CAP) Working Group Working Documents Related references: (1) "Common Alerting Protocol (CAP) Provides XML Interchange Format for Public Safety Reports"; (2) "XML and Emergency Management." [cache]

[February 22, 2003] "Web Services Orchestration: A Review Of Emerging Technologies, Tools, and Standards." By Chris Peltz (Hewlett Packard, Developer Resource Organization). Technical Paper from HP Dev Resource Central (January 2003). 20 ages. "Web services technologies are beginning to emerge as a defacto standard for integrating disparate applications and systems using open, XML-based standards. In addition to building web services interfaces to existing applications, there must also be a standard approach to connecting these web services together to form more meaningful business processes. In 2002, a number of new standards were introduced to address this problem, including BPEL4WS and WSCI. The purpose of this paper is to provide a review of these emerging standards, to help the reader better understand how web services orchestration can be accomplished today. BPEL4WS primarily focuses on the creation of executable business processes, while WSCI is concerned with the public message exchanges between web services. WSCI takes more of a collaborative and choreographed approach, requiring each participant in the message exchange to define a WSCI interface. BPEL takes more of an 'inside-out' perspective, describing an executable process from the perspective of one of the partners. BPML has some complimentary components to BPEL4WS, both providing capabilities to define a business process. WSCI is now considered a part of BPML, with WSCI defining the interactions between the services and BPML defining the business processes behind each service. Orchestration, choreography, business process management, and workflow -- these are all terms related to connecting web services together in a collaborative fashion. The capabilities offered by web services orchestration will be vital for building dynamic, flexible processes. The goal is to provide a set of open, standards-based protocols for designing and executing these interactions involving multiple web services. To accomplish this, there are some basic requirements that have to be met. There is a need for asynchronous support in order to build reliability into the process. Strong transactional semantics and exception handling are required to manage both internal and external errors. There is also a need for a set of programming constructs to describe workflow. Finally, there has to be a way to link or correlate requests together to build higher-level conversations... It is unclear where the industry is going with the various standards. There is a fair amount of traction behind BPEL4WS from major players in the industry, and WSCI and BPML have already converged with each other... The ability to support a conversational model between web services is an important area that must be addressed by the web services standards. A conversational model for web services provides a more loosely coupled, peer-to-peer interaction model. These conversations involve multiple steps between parties, often involving negotiation between the parties. A peer-to-peer conversational model takes more of a third-person perspective, quite different from the standards presented in this paper. Even WSCI, which offers a somewhat collaborative model between web services, still takes a first-person perspective for any given WSCI document. [Hanson, Nandi, and Levine: 'Conversation-enabled Web Services for Agents and e-Business'] offers a good analogy to illustrate the difference between the business process standards and the conversational model for web services. The current web services model is analogous to a vending machine. There are a set number of buttons that can be pressed in a pre-defined order. A conversational model is more analogous to a telephone call, involving a series of exchanges between the parties at each end in a more flexible, dynamic fashion. At this time, IBM's Conversation Support for Web Services (CS-WS) is the only standard that claims to support this capability...

[February 22, 2003] "Exploring XML in Office 11. XML Capabilities in Store for Word and Excel Pack a Learning Curve." By Jon Udell. In InfoWorld (February 21, 2003). "Most business information lives in documents, not in databases. With the new XML features in Office 11, IT can start to bring database-like discipline to the creation and querying of those documents. For developers, schematization of business documents, such as resumes and expense reports, will be a long and gradual process. But Excel's new ability to read in and analyze XML data -- from XML-aware databases, Web services, and other sources -- will be immediately useful... This year's upcoming debut of Microsoft Office 11 will mark the start of a long process of education and adaptation... Here we explore how existing Office documents can benefit from the new features, how developers will prepare XML-aware Office templates, and how users will apply them to create and analyze XML data... After Office 11 ships, we face a classic chicken-and-egg scenario. Developers can't really learn the art of modeling data in business documents without user feedback. But users can't provide that feedback until they start actually working with XML-enriched documents. Office 11's XML support isn't a final solution. Rather, it allows for a long, difficult, and absolutely vital bootstrapping process. ... Nothing else in the Office suite will have anything like Excel's analytic prowess. Excel 11's newfound ability to absorb arbitrary schema-governed XML data, coupled with the explosion of XML data coming from everywhere -- Web services, XML-aware databases, the rest of the Office suite, and other emerging XML applications -- makes it more valuable. If you start with a raw XML file -- just data, no schema -- Excel will read the data and make a best-effort map to the grid. In the resulting worksheet, that data is immediately available for editing, sorting, charting, pivot-table analysis, and more. Of course when the data comes from a Web service, as it increasingly will, it is likely to be schematized. In that case, your options multiply. Once you associate a schema with the XML data, you can select elements shown in the XML Structure task pane. Under the covers, Excel creates the XPath queries that address those elements within the nested structure of the document. By dragging a set of selected elements to the worksheet, you create an XML data range that can absorb data from one or more XML files conforming to the schema..."

[February 22, 2003] "The .NET Classes StringInfo and TextElementEnumerator. These Two Members of the System.Globalization Namespace Handle Details of Unicode String Traversal." By Bill Hall. In MultiLingual Computing and Technology #54, Volume 14, Issue 2 (March 2003), pages 52-56. Programmers tend to become nervous when dealing with character encodings where a grapheme does not correspond exactly to a fixed width data element of storage... Fortunately, in today's object-oriented programming languages, it is possible to encapsulate methods and internal information into an object that handles Unicode string traversal. The programmer simply sets the starting position. From there, methods are available to move to the next character boundary and collect the one or more Unicode elements into an object representing the grapheme. No a priori knowledge about the nature of the elements and their relationship to other elements is required by the programmer. The class takes care of such details. In Microsoft.NET, the intricacies of string traversal are handled by the StringInfo and TextElementEnumerator classes. Both are members of the System.Globalization namespace. Although not yet implemented in Java, work is ongoing to develop comparable support since both .NET and Java have to support Unicode 3.2 for aesthetic as well as practical reasons. For example, the People's Republic of China now requires that software be able to manage all characters found in GB 18030-2000, of which some 40,000+ have Unicode equivalents that are surrogate pairs and thus require two Unicode elements per grapheme to encode... So, what are the issues involved in encoding graphemes in Unicode? The main ones are composite representations and surrogate pairs... .NET programmers should note that processing a Unicode string by moving from one Char element to the next may not be a suitable way of examining text if grapheme boundaries must be respected. For this purpose, use a combination of methods from the StringInfo and TextElementEnumerator classes..."

[February 22, 2003] "XACML Standard Controls Web Services Access." By Patricia Daukantas. In Government Computer News (February 21, 2003). "The Organization for the Advancement of Structured Information Standards this week approved the Extensible Access Control Markup Language (XACML) specification for Web services and documents. All previous policy languages were in proprietary formats, said Carlisle Adams, co-chairman of the OASIS XACML technical committee. XACML will be transportable between systems. Adams, principal security architect for Entrust Inc. of Addison, Texas, said the committee started working on the new language specification nearly two years ago. 'XACML cooperates with another recently approved OASIS standard, Security Assertion Markup Language, to create an authentication architecture for Web services. SAML defines a syntax for expressing assertions, such as a computer user's job title or security clearance, Adams said. A rules engine with policy statements written in XAML could compare the SAML assertions with its policies to determine whether the user should see confidential information'... See the announcement and related news item "Sun Microsystems Releases Open Source XACML Implementation for Access Control and Security."

[February 22, 2003] "Altio Makes Front-End Integration Smarter." By James R. Borck (Infoworld Test Center). In InfoWorld (February 21, 2003). ['AltioLive 3.0 hits new heights for Web-based applications built on Web services and data-centric resources.'] "EAI has a reputation as a necessary evil for the costly task of integrating years of legacy applications and valuable data. As enterprises seek to expose these old resources via new technology, including Web services, the rift between functionality and the limitations imposed by current browser-based technologies is ever more obvious. Facing the challenge head-on is Altio with its release of the AltioLive 3.0 platform... AltioLive delivers a means of integrating enterprise resources into a single interface that can be flexibly customized and extended. The solution's cost is well below that of traditional EAI, and it's more interactive than straight portal solutions. Easily implemented, the platform and IDE reduces the technical expertise required to extend Web services and backend resources and reduces deployment concerns... This release of AltioLive includes an overhauled IDE, adds offline resynchronization, real-time services management, and shores up better compatibility with Web services and XML standards. Although we would prefer to see client availability for mobile devices and better integration for XML-based transactional security, Altio hits the mark, scoring our highest rating of Deploy. The AltioLive production environment comprises the Presentation Server, which is a middleware servlet platform that manages XML-based communication streams, and a fat client applet running in a Web browser on the end-user's system. The fat client is an interface-rendering engine. It uses XSL to format raw XML data from the Presentation Server for use in the browser application. Altio provides an in-memory database, using a customized DOM and XPath interpreter, that allows data to be shared and reused locally among applications without constantly repolling the server... Altio received a profile boost in January thanks to an alliance formed with Sun Microsystems. The Sun ONE Portlet Server will begin bundling the AltioLivePortlet Edition development environment, boosting Sun's platform with added real-time, cross-application functionality and adding the benefit of bandwidth conservation. In the end, we found AltioLive 3.0 to represent the strongest overall offering available in the rich Internet application space today. It offers great opportunity for bridging user interfaces with the worlds of EAI and Web services that should not be overlooked..."

[February 21, 2003] "XML Advanced Electronic Signatures (XAdES)." Edited by Juan Carlos Cruellas (UPC), Gregor Karlinger (IAIK) Krishna Sankar Cisco). W3C Note 20-February-2003. Version URL: http://www.w3.org/TR/2003/NOTE-XAdES-20030220/. Latest version URL: http://www.w3.org/TR/XAdES/. "XAdES extends the IETF/W3CXML-Signature Syntax and Processing specification into the domain of non-repudiation by defining XML formats for advanced electronic signatures that remain valid over long periods and are compliant with the European 'Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures' [EU-DIR-ESIG] (also denoted as 'the Directive' or the 'European Directive' in the rest of the present document) and incorporate additional useful information in common uses cases. This includes evidence as to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. An advanced electronic signature aligned with the present document can, in consequence, be used for arbitration in case of a dispute between the signer and verifier, which may occur at some later time, even years later. This note adds six additional forms to XMLDSIG: (1) XML Advanced Electronic Signature (XAdES): Provides basic authentication and integrity protection and satisfies the legal requirements for advanced electronic signatures as defined in the European Directive but does not provide non-repudiation of its existence; (2) XML Advanced Electronic Signature with Time-Stamp (XAdES-T): Includes time-stamp to provide protection against repudiation; (3) XML Advanced Electronic Signature with complete validation data (XAdES-C): Includes references to the set of data supporting the validation of the electronic signature (i.e., the references to the certification path and its associated revocation status information). This form is useful for those situations where such information is archived by an external source, like a trusted service provider. (4) XML Advanced Electronic Signature with eXtended validation data (XAdES-X): Includes time-stamp on the references to the validation data or on the ds:Signature element and the aforementioned validation data. This time-stamp counters the risk that any keys used in the certificate chain or in the revocation status information may be compromised. (5) XML Advanced Electronic Signature with eXtended validation data incorporated for the long term (XAdES-X-L): Includes the validation data for those situations where the validation data are not stored elsewhere for the long term. (6) XML Advanced Electronic Signature with archiving validation data (XAdES-A): It includes additional time-stamps for archiving signatures in a way that they are protected if the cryptographic data become weak..." See "XML Digital Signature (Signed XML - IETF/W3C)."

[February 21, 2003] "Microsoft Rolls Out Rights Management Software." By Peter Galli and Mary Jo Foley. In eWEEK (February 21, 2003). "Microsoft Corp. on Friday finally unveiled its plans to integrate digital rights management technology across its entire product lines. The Redmond, Wash., company announced Windows Rights Management Services (WRMS), a new technology for Windows Server 2003 that will help secure sensitive internal business information including financial reports and confidential planning documents. An early alpha version of WRMS will be available to select testers next week, with a broad beta of the product, formerly code-named Tungsten, being released in next quarter. The product will work with applications to provide a platform-based approach to providing persistent policy rights for Web content and sensitive corporate documents of all types... DRM technology enables content creators, such as record companies, to encrypt content and define who can decrypt it and how they can use it. Microsoft is counting on increasing adoption of the technology to help drive demand for many of its current and future products... Microsoft currently offers a DRM system, Microsoft Windows Media Rights Manager, which is being used by seven music and video subscription services. There has been much speculation about the future of that technology when the updated DRM server was announced. Mike Nash, who is the corporate vice president of Microsoft's security business unit and is spearheading the DRM strategy for all of its product lines, said Friday that WRMS does not share any code in common with the DRM platform that Microsoft currently includes in its Windows Media Series products. Instead, WRMS will rely on XrML (Extensible Rights Markup Language), an emerging standard for the expression of rights on digital content... When the second beta of Office 2003 ships in early March, Microsoft will also make available to testers new APIs in the Office suite that will turn on the Information Rights Management's DRM features that are being included in that product. Finally, later this spring, Microsoft is planning to make its WRMS software development kit available to third-party software vendors, corporate developers and systems integrators. Nash noted that Microsoft's existing Windows Media DRM and its newly introduced WRMS are just two components of this strategy. Microsoft and third-party software vendors who sign on to use WRMS are likely to add the technology to other enterprise and consumer products in the future..." See details in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)." Related references: (1) "XML and Digital Rights Management (DRM)"; (2) "OASIS Rights Language"' (3) "Extensible Rights Markup Language (XrML)".

[February 21, 2003] "Microsoft Details Rights Management Tech. Server Add-On Enforces Protection Policies." By Stacy Cowley and Joris Evers. In InfoWorld (February 21, 2003). "Microsoft said Friday it is developing add-on security technology for its forthcoming Windows Server 2003 operating system software that will allow organizations to implement rights-management protections on corporate documents such as e-mail messages and data files. The Windows Rights Management Services (RMS) will be able to enforce protection policies by controlling which users can access specific content and what access rights they are granted. Companies will, for example, be able to restrict content copying, forwarding and printing in applications such as portal, e-mail and word-processing software. However, only users of Microsoft's most recent products will be able to fully take advantage of the technology. RMS relies on the proposed XrML (Extensible Rights Markup Language) standard, an XML-based (Extensible Markup Language) language that is heavily backed by Microsoft but has yet to attract broad industry support. While Office 11, Microsoft's Office update scheduled for mid-2003, supports XrML and will work with RMS, older versions of Microsoft Office won't work with the technology, including the currently available Office XP..." See references in previous bibliographic entry and in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)."

[February 21, 2003] "Mapping Between UML and XSD." By David Carlson (Ontogenics Corp). From XMLmodeling News Volume One, Issue Two (January 28, 2003). "One of the principal advantages of using UML when designing XML vocabularies is that the model can serve as a specification which is independent of a particular schema language implementation. W3C XML Schema is the most common choice right now, but we hope that business vocabularies (and other non-business technical markup languages) have a long life and will be implemented using alternative new schema languages. To achieve this goal, we need to define a complete and flexible mapping between UML and each implementation language. Given that UML was originally intended for object-oriented analysis and design, the mapping is most straightforward for languages that have an object-oriented flavor... A bi-directional mapping between UML and schemas is specified in the form of a UML Profile. The purpose of a UML profile for this or any other use is to extend the UML modeling language with constructs unique to an implementation language, analysis method, or application domain. The profile extension mechanism is part of the UML standard; it was expanded in the recent UML version 1.4 and will be further expanded when UML 2.0 is adopted this year. A UML profile (pre version 2.0) is composed of three constructs: stereotypes, tagged value properties, and constraints. A stereotype defines a specialized kind of UML element; for example, the XSDcomplexType stereotype defines a specialized kind of UML Class, and XSDschema defines a specialized kind of UML package. Tagged values define properties of these stereotyped elements. So the XSDschema stereotype includes a targetNamespace property. By assigning this stereotype to a UML package and setting a value for this property, we have augmented the UML modeling language with information used to generate a complete XML Schema document from an abstract vocabulary model. Similar stereotypes and properties are defined for all XML Schema constructs. A profile constraint specifies rules about how and where stereotypes and their tagged values can be used in a model. These rules should include what are often called co-constraints: how the value of one property constrains the values of other properties..." Related references in: (1) "XML Schemas"; (2) "Conceptual Modeling and Markup Languages."

[February 21, 2003] "WS-Security: New Technologies Help You Make Your Web Services More Secure." By David Chappell. In Microsoft MSDN Magazine (April 2003). ['Without good security, Web Services will never reach their potential. WS-Security and its associated technologies, the focus of this article, represent the future of security for Web Services. Provided here is an overview of these emerging security standards that explains what they do, how they work, and how they get along together. Topics discussed include integrity and confidentiality and how these are provided by public key cryptography, WS-Security, and more. Some of the key components of WS-Security, such as the wsu namespace, are also covered.'] "Web Services without effective security aren't very useful. Yet the original creators of SOAP chose to put off defining how this problem should be solved. This was a defensible decision, since getting Web Services off the ground meant keeping them simple -- and providing security is seldom simple. The problem, however, can't be put off forever so Microsoft and IBM, among others, are working together to address this issue. Their efforts have resulted in a group of specs for providing Web Services security, the most important of which is WS-Security. With this article I'll provide a big-picture view of how these technologies work. From one perspective, the task facing the creators of Web Services security looks simple. After all, effective mechanisms already exist for distributed security, including Kerberos, public key technologies, and others, so the task these creators faced wasn't inventing new security mechanisms. Instead, their goal was to define ways to use what already existed in a Web Services world, a world built on XML and SOAP... The fundamental technology for adding security to SOAP is defined by WS-Security. Its ambitious goal is to provide end-to-end message-level security for SOAP messages, and yet the WS-Security spec isn't especially hefty, weighing in at just over 20 pages. This is because WS-Security defines very little new technology but instead defines a way to use existing security technology with SOAP... Effective security for Web Services is essential. Given that most of what's needed is already in place (and the problem is simply a matter of mapping this existing security technology to XML and SOAP), you might think that WS-Security and its associated specs would be very simple (and this article would be very short). Yet accommodating the diverse security mechanisms in use today, along with allowing for those that will appear tomorrow, requires a nontrivial set of technology. Once this technology is in place, the world of secure and interoperable Web Services that we'd all like to see can become a reality. I don't know about you, but I can't wait for this day to arrive..." General references in "Web Services Security Specification (WS-Security)."

[February 21, 2003] "Web Map Context Documents." Edited by Jean-Philippe Humblet (IONIC Software sa). Request for Comment, OpenGIS Implementation Specification. From Open GIS Consortium Inc. Version 0.1.7, 2003-01-21. Reference number: OGC 03-036. 25 pages. Submitted to the GIS Consortium Inc. as a Request For Comment (RFC) by: Ionic Software (Belgium); GeoConnections / Natural Resources Canada; US National Aeronautics and Space Administration; DM Solutions; Social Change Online; Syncline. Annex A.1: Web Map Context Document XML Schema; A.2: Web Map Context XML Example. "This specification applies to the creation and use of documents which unambiguously describe the state, or 'Context,' of a WMS Client application in a manner that is independent of a particular client and that might be utilized by different clients to recreate the application state. This specification defines an encoding for the Context using Extensible Markup Language. This specification is relevant to Clients of the OGC Web Map Service (WMS 1.0, WMS 1.1.0, WMS 1.1.1)... This document is a companion specification to the OpenGIS Web Map Service Interface Implementation Specification version 1.1.1, [which] specifies how individual map servers describe and provide their map content. The present Context specification states how a specific grouping of one or more maps from one or more map servers can be described in a portable, platform-independent format for storage in a repository or for transmission between clients. This description is known as a 'Web Map Context Document,' or simply a 'Context.' A Context document includes information about the server(s) providing layer(s) in the overall map, the bounding box and map projection shared by all the maps, sufficient operational metadata for Client software to reproduce the map, and ancillary metadata used to annotate or describe the maps and their provenance for the benefit of human viewers. A Context document is structured using eXtensible Markup Language (XML). Annex A of this specification contains the XMLSchema against which Context XML can be validated. There are several possible uses for Context documents: (1) The Context document can provide default startup views for particular classes of user. Such a document would have a long lifetime and public accessibility. (2) The Context document can save the state of a viewer client as the user navigates and modifies map layers. (3) The Context document can store not only the current settings but also additional information about each layer (e.g., available styles, formats, SRS, etc.) to avoid having to query the map server again once the user has selected a layer. (4) The Context document could be saved from one client session and transferred to a different client application to start up with the same context. Contexts could be cataloged and discovered, thus providing a level of granularity broader than individual layers... This document directly supports only persistence of portrayed maps created by one or moreWeb Map Server bindings, but provides an extensibility mechanism for Web Feature Server and other types of service and persisted interface object states. It is expected that these will be developed and added to the formal schema in a backward compatible fashion. A specified filename extension such as .cml and .ccml has been proposed for Contexts and Context Collections. This may be added to the section dealing with Mime Type..." See the announcement: "OGC Seeks Comment on Proposed Web Map Context Specification." [cache]

[February 21, 2003] "Sun Trumpets Royalty-Free Web Services Specs. Company Challenges Microsoft, IBM." By Paul Krill. In InfoWorld (February 20, 2003). "Royalty-free industry specifications are needed to enable Web services to fulfill its potential as a mechanism for business process integration on a massive scale, Sun officials stressed during a Sun 'Chalk Talk' session in San Francisco on Thursday. Any requirement that specific vendors be paid royalties for use of their technologies in standardized Web services specifications could stifle the growth of Web services, said Mark Bauhaus, Sun vice president of Java Web services. Sun wants its royalty-free position to be accepted by other members of the Web Services Interoperability Organization (WS-I) and is running for election to a seat on the WS-I governing board in March. Specifically, Microsoft and IBM need to embrace royalty-free Web services, specifications, according to Bauhaus. With the vast increase in devices accessing the Internet, which could eventually number into the billions, and the low cost of Internet access, Web services are poised for dramatic growth as a business process integration mechanism for a variety of applications, Bauhaus said, but Web services must be royalty-free and based on open standards, and specifications must be converged. 'The headlines that we're writing now are about Web services. Is it going to be royalty-free or is someone going to hijack it?' Bauhaus said. He noted that IBM and Microsoft have produced a proposed specification for automating interaction between Web services, called Business Process Execution Language for Web Services (BPEL4WS). This proposal has not yet been submitted to a standards organization. Sun has a competing proposal, Web Services Choreography Interface (WSCI), being examined by the World Wide Web Consortium (W3C)... An IBM representative, in response to an inquiry Thursday about the company's stance on royalty-free Web services specifications, released this statement: 'IBM has already committed to royalty-free licensing on Web services specifications like SOAP, WSDL, and BPEL4WS, and we participate very actively in open-source implementations. We explore everything on a case-by-case basis.' A Microsoft representative released this statement Thursday: 'Microsoft's overarching goal is broad adoption of advanced Web services specifications. [Microsoft officials] can't make a blanket statement about licensing provisions as different specifications have different underlying technologies and different standards bodies have different licensing policies. Microsoft has made major technologies such as SOAP and WS-Security available without royalties and will continue to comply with the intellectual property licensing policies of the various standards bodies with whom we work.' Sun announced intentions to join WS-I last October after initially being shut out of the organization's formation a year ago. Microsoft and IBM were the major founders. WS-I is intended to be an open industry effort to promote Web services interoperability across platforms, applications, and programming languages..." See: (1) "Business Process Execution Language for Web Services (BPEL4WS)"; (2) "Web Services Interoperability Organization (WS-I)"; (3) "Patents and Open Standards."